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Abstract 

We consider an extension of logic programs, called Lu-programs, that can be used to define 
f~^ ' predicates over infinite lists, w-programs allow us to specify properties of the infinite be- 

t"*^ ' havior of reactive systems and, in general, properties of infinite sequences of events. The 

semantics of w-programs is an extension of the perfect model semantics. We present vari- 
ants of the familiar unfold/fold rules which can be used for transforming cj-programs. We 
show that these new rules are correct, that is, their application preserves the perfect model 
^^ . semantics. Then we outline a general methodology based on program transformation for 

^ ' verifying properties of tj-programs. We demonstrate the power of our transformation-based 

Cw I verification methodology by proving some properties of Biichi automata and a;-regular lan- 

guages. 

KEYWORDS: Program Transformation, Program Verification, Infinite Lists. 

1 Introduction 

The problem of specifying and verifying properties of reactive systems, such as 
protocols and concurrent systems, has received much attention over the past fifty 
years or so. The main peculiarity of reactive systems is that they perform non- 
terminating computations and, in order to specify and verify the properties of 
these computations, various formalisms dealing vifith infinite sequences of events 
have been proposed. Among these we would like to mention: (i) Biichi automata 
and other classes of finite automata on infinite sequences ([Thomas 1990p . (ii) w- 
languages ( [Staiger 1997[ ) , and (iii) various temporal and modal logics (see (jClarke et al. 1999| 
for a brief overview of these logics). 
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Also logic programming has been proposed as a formalism for specifying com- 
putations over infinite structures, such as infinite lists or infinite trees (see, for in- 
stance, HColmerauer 1982[ [Lloyd 1987[ ISimon et al. 20061 |Min and Gupta 2010D ). 



One advantage of using logic programming languages is that they are general pur- 
pose languages and, together with a model-theoretic semantics, they also have an 
operational semantics. Thus, logic programs over infinite structures can be used 
for specifying infinite computations and, in fact, providing executable specifica- 
tions for them. However, very few techniques which use logic programs over infinite 
structures, have been proposed in the literature for verifying properties of infinite 
computations. We are aware only of a recent work presented in ( [Gupta et al. 200"7l ), 
which is based on coinductive logic programming, that is, a logic programming lan- 
guage whose semantics is based on greatest models. 

In this paper our aim is to develop a methodology based on the familiar un- 
fold/fold transformation rules ( [Burstall and Darlington 1977|lTamaki and Sato 1984^ 
for reasoning about infinite structures and verifying properties of programs over 
such structures. In order to do so, we do not introduce a new programming lan- 
guage, but we consider a simple extension of logic programming on finite terms 
by introducing the class of the so-called uj-programs, which are logic programs on 
infinite lists. Similarly to the case of logic programs, for the class of locally stratified 
w-programs we define the perfect model semantics (see ( [Apt and Bol 1994] ) for a 
survey on negation in logic programming). 

We extend to w-programs the transformation rules for locally stratified programs 
presented in ([Fioravanti et al. 20041 IPettorossi and Proietti 20001 [Roychoudhury et al. 2002[ 
ISeki 199"T]|Seki 2010p and, in particular: (i) we introduce an instantiation rule which 
is specific for programs on infinite lists, (ii) we weaken the applicability conditions 
for the negative unfolding rule, and (iii) we consider a more powerful negative fold- 
ing rule (see Sections [3| and |4| for more details). We prove that these rules preserve 
the perfect model semantics of w-programs. 

Then we extend to w-programs the transformation-based methodology for verify- 
ing properties of programs presented in ([Pettorossi and Proietti 2000|) . We demon- 
strate the power of our verification methodology through some examples. In par- 
ticular, we prove: (i) the non-emptiness of the language recognized by a Biichi 
automaton, and (ii) the containment between languages denoted by oj-regular ex- 
pressions. 

The paper is structured as follows. In Section [2| we introduce the class of w-pro- 
grams and we define the perfect model semantics for locally stratified w-programs. 
In Section[3]we present the transformation rules and in Section[4|we prove that they 
preserve the semantics of w-programs. In Section [5] we present the transformation- 
based verification method and we see it in action in some examples. Finally, in 
Section [6| we discuss related work in the area of program transformation and pro- 
gram verification. 
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2 Programs on Infinite Lists 

Let us consider a first order language C^ given by a set Var of variables, a set 
Fun of function symbols, and a set Pred of predicate symbols. We assume that Fun 
includes: (i) a finite, non-empty set E of constants, (ii) the constructor |_|_| of the 
infinite lists of elements of S, and (iii) at least one constant not in S. Thus, [s|i] 
is an infinite list whose head is s G S and whose tail is the infinite list t. Let S" 
denote the set of the infinite lists of elements of E. 

We assume that C^j is a typed language ( [Lloyd 1987 1 with three basic types: 



(i) f term, which is the type of the finite terms, (ii) elem, which is the type of the 
constants in S, and (iii) ilist, which is the type of the infinite lists of S". Every 
function symbol in Fun — {T, U {|_|_]}), with arity n (> 0), has type (ftermx • • • x 
f term) — ;■ f term, where f term occurs n times to the left of — >. The function symbol 
l-l-l has type (elem x ilist) ^ ilist. A predicate symbol of arity n{>0) in Pred 
has type of the form tiX- • -XTn, where ri, . . . , t„ G {f term, elem, ilist}. For every 
term (or formula) t, we denote by vars{t) the set of variables occurring in t. 

An uj-clause 7 is a formula of the form A ^ LiA . . . AL„i, with m > 0, where A 
is an atom and Li, . . . , L^ are (positive or negative) literals, constructed as usual 
from symbols in the typed language Ci^, with the following extra condition: every 
predicate in 7 has, among its arguments, at most one argument of type ilist. 
This condition makes it easier to prove the correctness of the positive and negative 
unfolding rules (see Section |3] for further details). We denote by true the empty 
conjunction of literals. An co-program is a set of w-clauses. 

Let HUhe the Herbrand universe constructed from the set Fun — {I] U {[_|_]}) of 
function symbols. An interpretation for our typed language Ci^, called an w-inter- 
pretation, is a function / such that: (i) / assigns to the types fterm, elem, and 
ilist, respectively, the sets HU, E, and S" (which by our assumptions are non- 
empty), (ii) / assigns to the function symbol |_|_], the function |-|-|/ such that, 
for any element s S S, for any infinite list t G S'^, |s|<]/ is the infinite list |s|t], 
(iii) / is an Herbrand interpretation for all function symbols in Fun— (S U {|_|_]}), 
and (iv) / assigns to every n-ary predicate p G Pred of type ti x . . . x t„, a relation 
on _Di X • ■ • X Dn, where, for i — 1, . . . ,n, Di is either HU or E or S'^, if Ti is either 
fterm or elem or ilist, respectively. We say that an w-interpretation / is an 
uj-model of an w-program P if for every clause 7 g P we have that / 1= VXi . . . VXk 7, 
where vars{j) — {^i, . . . ,Xk}. 

A valuation is a function v : Var — >■ HU UE U S"^ such that: (i) if X has type 
fterm then v{X) e HU, (ii) if X has type elem then v{X) G S, and (iii) if X has type 
ilist then v{X) G E". The valuation function v can be extended to any term t, 
or literal L, or clause 7, by making the function v act on the variables occurring in 
t, or L, or 7. We extend the notion of Herbrand base ( [Lloyd 1987[ ) to w-programs 
by defining it to be the set Bu: = {p{v{Xi), . . . , v{Xn)) | p is an n-ary predicate 
symbol in Pred and u is a valuation}. Thus, any w-interpretation can be identified 
with a subset of Bu; ■ 

A local stiatiUcation is a function a: B^^ -^ W , where W is the set of countable 
ordinals. Given A £ B^^, we define (j{-^A) = a{A) + l. Given an w-clause 7 of the 
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form H -i— Li A . . . A L„i and a local stratification a, we say that 7 is locally 
stratiRed w.r.t. a if, for i = 1, . . . , 771, for every valuation v, a{v(H)) > a{v{Li)). 
An cj-program P is locally stratified w.r.t. a, or cr is a local stratification for P, if 
every clause in P is locally stratified w.r.t. a. An w-program P is locally stratified 
if there exists a local stratification a such that P is locally stratified w.r.t. a. 

A level mapping is a function £ : Pred -H- N. A level mapping is extended to 
literals as follows: for any literal L having predicate p, if L is a positive literal, then 
£{L) ~ £{p) and, if L is a negative literal then £{L) = £(p) + 1. An w-clause 7 of the 
form _ff ^— Li A . . . A L^ is stratified w.r.t. ^ if, for i = 1, . . . , m, i{H) > i{Li). An 
w-program P is stratified if there exists a level mapping £ such that all clauses of P 
are stratified w.r.t. £ ( |Lloyd 1987| ). Clearly, every stratified w-program is a locally 
stratified w-program. Similarly to the case of logic programs on finite terms, for 
every locally stratified w-program P, we can construct a unique perfect co-model 
(or perfect model, for short) denoted by M{P) (see ( |Apt and Bol 1994| for the case 
of logic programs on finite terms). Now we present an example of this construction. 

Example 1 

Let: (i) 5] = {a, &} be the set of constants of type elem, (ii) 5" be a variable of type 
elem, and (iii) X be a variable of type ilist. Let p and q be predicates of type 
ilist. Let us consider the following w-program P: 

p{X)^^q{X) gd^l^l)^ q{la\X\) ^ q{X) 

We have that: (i) p{w) holds iff w is an infinite list of a's and (ii) q{w) holds 
iff at least one b occurs in w. Program P is stratified w.r.t. the level mapping i 
such that £((?) = and £{p) — l. The perfect model M{P) is constructed by starting 
from the ground atoms of level (i.e., those with predicate q). We have that, for 
all w G {a, 6}", q{w)eM{P) iff wiEa*h{a+bY, that is, q{w)(^M{P) iff we a". 
Then, we consider the ground atoms of level 1 (i.e., those with predicate p). For 
all w€{a,hY, p{w)eM{P) iff g(w)^M(P). Thus, p{w)€M{P) iSwGa'^. 



3 Transformation Rules 

Given an w-program Pg, a transformation sequence is a sequence Pq, . . . , Pn, with 
n > 0, of w-programs constructed as follows. Suppose that we have constructed a 
sequence Pq, . . . , Pk, for 0<k< n—l. Then, the next program Pk+i in the sequence 
is derived from program P^ by applying one of the following transformation rules 
R1~R7. 

First we have the definition introduction rule which allows us to introduce a new 
predicate definition. 

Rl. Definition Introduction. Let us consider m (> 1) clauses of the form: 

Si : newp{Xi ,...,Xd)^Bi, . . . , dm ■ newp{Xi , . . . , Xd) ^ B,n 

where: (i) newp is a predicate symbol not occurring in {Pq, . . . , P^}, (ii) Xi, . . . , Xd 
are distinct variables occurring in {Si, ... , S™}, (iii) none of the Si's is the empty 
conjunction of literals, and (iv) every predicate symbol occurring in {5i, . . . , Bm} 
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also occurs in Pq. The set {Si, ... ,6m} of clauses is said to be the definition of 

newp. 

By deEnition introduction from program P^ we derive the new program Pk+i = Pk^ 

{Si,. . . ,Sm}- For n > 0, Defsn denotes the set of clauses introduced by the definition 

rule during the transformation sequence Pq, . . . , Pn- In particular, Defso ={}. 

In the following instantiation rule we assume that the set of constants of type elem 
in the language C^j is the finite set E = { si , . . . , s/j } . 

R2. Instantiation. Let 7: 77 <— i? be a clause in program Pk and X be a variable 
of type ilist occurring in 7. By instantiation of X in 7, we get the clauses: 

ji:{H^B){X/lsi\Xi}, ..., j,,:{H^B){X/lsh\Xj} 
and we say that clauses 71, . . . , 7^ are derived from 7. From Pk we derive the new 
program Pk+i = {Pk - {7}) U {71, . . . , 7^}. 

The unfolding rule consists in replacing an atom A occurring in the body of 
a clause by its definition in Pk. We present two unfolding rules: (1) the positive 
unfolding, and (2) the negative unfolding. They correspond, respectively, to the 
case where A or -^A occurs in the body of the clause to be unfolded. 

R3. Positive Unfolding. Let 7 : H -^ B^ h A /\ Bb, be a clause in program Pk 
and let P^ be a variant of Pk without variables in common with 7. Let 
71 : Ki^ Bi, ..., 7„ : Km ^ Bm {m > 0) 

be all clauses of program f^ such that, for i — 1, . . . ,m, A is unifiable with Ki, 
with most general unifier i^^. 

By unfolding 7 w.r.t. A we get the clauses r]i, . . . ,r]m, where for i = I, . . . ,m, rji 
is {H <— Bi^ A Bi A Biij-di, and we say that clauses 771, ... , r]m are derived from 7. 
From Pk we derive the new program Pk+i = {Pk — {"/}) U {771, . . . , rjm}. 

In rule R3, and also in the following rule R4, the most general unifier can be com- 
puted by using a unification algorithm for finite terms (see, for instance, ( [Lloyd 1987| )). 
Note that this is correct, even in the presence on infinite terms, because in any w- 
program each predicate has at most one argument of type ilist. On the contrary, if 
predicates may have more than one argument of type ilist, in the unfolding rule it 
is necessary to use a unification algorithm for infinite structures (jColmerauer 1982| . 
For reasons of simplicity, here we do not make that extension of the unfolding rule 
and we stick to our assumption that every predicate has at most one argument of 
type ilist. 

The existential variables of a clause 7 are the variables occurring in the body 
of 7 and not in its head. 

R4. Negative Unfolding. Let 7: H ^ Bl A^ A A Br be a clause in program Pk 
and let F^. be a variant of Pk without variables in common with 7. Let 

71: Ki ^ Bi, ..., 7™: Km ^ Bm {m>0) 
be all clauses of program Pj., such that, for i = l,...,m, A is unifiable with 
Ki, with most general unifier 1?^. Assume that: (1) A = Ki-di = •■• = Km'dm, 
that is, for i = 1, . . . ,m, ^4 is an instance of Ki, (2) for i = 1, . . . ,m, 7i has no 
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existential variables, and (3) from ^{Bi^iV. . .\/ Bmdm) we get a logically equivalent 
disjunction Di V . . . V D^- of conjunctions of literals, with r > 0, by first pushing -i 
inside and then pushing V outside. 

By unfolding 7 w.r.t. ^A using Pk we get the clauses 7/1,..., ry^, where, for i = 
1, . . . , r, clause ry^ is -ff <— Bj^ADiABu, and we say that clauses rji, . . . ,rir are derived 
from 7. From Pk we derive the new program Pjt+i = {Pk — {7}) U {771, . . . , rjr}. 

The following subsumption rule allows us to remove from Pk a clause 7 such that 
MiPk) = M{Pk-M). 

R5. Subsumption. Let 71: _ff •(— be a clause in program Pk and let 72 in Pk — {71} 
be a variant of {H ^- B)d, for some conjunction of literals B and substitution -d. 
Then, we say that 72 is subsumed by 71 and by subsumption, from Pk we derive 
the new program Pk+i = Pk - {72}- 

The folding rule consists in replacing instances of the bodies of the clauses that 
define an atom A by the corresponding instance of A. Similarly to the case of the 
unfolding rule, we have two folding rules: (1) positive folding and (2) negative fold- 
ing. They correspond, respectively, to the case where folding is applied to positive 
or negative occurrences of literals. 

R6. Positive Folding. Let 7 be a clause in Pk and let Defs'k be a variant of 
Defsk without variables in common with 7. Let the definition of a predicate in 
Defs'f, consist of the clause 5 : K <— B, where 5 is a non-empty conjunction of 
literals. Suppose that there exists a substitution -d such that clause 7 is of the form 
if <— _Bi A B-d A Br and, for every variable X G vars{B) — vars{K), the following 
conditions hold: (i) Xd is a variable not occurring in {H, Bj,, Br}, and (ii) X-d does 
not occur in the term Yi!), for any variable Y occurring in B and different from X . 
By folding 7 using S we get the clause rj: H ^ B^A K-& A Br , and we say that clause 
77 is derived from 7. From Pk we derive the new program Pk+i = {Pk — {7}) U {rj}. 

R7. Negative Folding. Let 7 be a clause in Pk and let Defsj, be a variant of 
Defsk without variables in common with 7. Let the definition of a predicate in 
Defs'i^ consist of the q clauses Si: K ^^ Li, . . . ,6q: K ■(^ Lq, with g > 1, such that, 
for i = 1, . . . , g, Li is a literal and Si has no existential variables. Suppose that 
there exists a substitution -d such that clause 7 is of the form H ^ B^ A (Mi A ... A 
Mq)d A Br, where, for i = 1, . . . , g, if Li is the negative literal -> Ai then Mi is Ai, 
and if Li is the positive literal Ai then Mi is -'Ai. 

By folding 7 using 5i,. . . ,Sq we get the clause 77: _ff <— B^ A ^K-d A Br, and 
we say that clause 77 is derived from 7. From Pk we derive the program Pk+i — 

{Pk~{i})uM. 

Note that the negative folding rule is not included in the sets of transformation 
rules presented in ( |Roychoudhury et al. 20021 ISeki 1991| FSeki 2010p . The negative 
folding rule presented in (jFioravanti et al. 20041 IPettorossi and Proietti 2000]) cor- 
responds to our rule R7 in the case where <? = 1. 



Transformations of Logic Programs on Infinite Lists 7 

4 Correctness of the Transformation Rules 

Now let us introduce the notion of correctness of a transformation sequence w.r.t. the 
perfect model semantics. 

Definition 1 [Correctness of a Transformation Sequence) 

Let Pq be a locally stratified w-program and Pq, . . . , P„, with n > 0, be a trans- 
formation sequence. We say that Pq, . . . , Pn is correct if (i) Pq U Defsn and Pn are 
locally stratified w-programs and (ii) M{Pq L) Defsn) — M{Pn). 

In order to guarantee the correctness of a transformation sequence Pq, . . . , Pn 
(see Theorem [T] below) we will require that the application of the transformation 
rules satisfy some suitable conditions that refer to a given local stratification a. In 
order to state those conditions we need the following definitions. 

Definition 2 (a-Maximal Atom) 

Consider a clause j: H -^ G. An atom ^ in G is said to be a-maximal if, for every 

valuation v and for every literal L in G, we have a{v{A)) >a{v{L)). 

Definition 3 {a-Tight Clause) 

A clause 6: H ^ C is said to be a-tight if there exists a a-maximal atom A in G 

such that, for every valuation v, a{v{H))—a{v{A)). 

Definition 4 {Descendant Clause) 

A clause rj is said to be a descendant of a clause 7 if either 77 is 7 itself or there exists 
a clause S such that 77 is derived from S by using a rule in {R2, R3, R4, R6, R7}, and d 
is a descendant of 7. 

Definition 5 {Admissible Transformation Sequence) 

Let Pq be a locally stratified w-program and let ct be a local stratification for Pq. 

A transformation sequence Pq, . . . , Pn, with n>0, is said to be admissible if: 

(1) every clause in Defsn is locally stratified w.r.t. a, 

(2) for k — 0, . . . , n — 1, if Pk+i is derived from Pk by positive folding of clause 7 
using clause S, then: (2.1) S is cr-tight and either (2.2.i) the head predicate of 7 
occurs in Pq, or (2.2.ii) 7 is a descendant of a clause /? in Pj, with < j < fc, such 
that (3 has been derived by positive unfolding of a clause a in Pj^i w.r.t. an atom 
which is cr-maximal in the body of a and whose predicate occurs in Pq , and 

(3) for k = 0, . . . , n—1, if Pk+i is derived from Pk by applying the negative folding 
rule thereby deriving a clause r], then 77 is locally stratified w.r.t. a. 

Note that Condition (1) can always be fulfilled because the predicate introduced 
in program Pk+i by rule Rl does not occur in any of the programs Pq,. . . ,Pk- Con- 
ditions (2) and (3) cannot be checked in an algorithmic way for arbitrary programs 
and local stratification functions. In particular, the program property of being lo- 
cally stratified is undecidable. However, there are significant classes of programs, 
such as the stratified programs, where these conditions are decidable and easy to 
verify. 

The following Lemma [1] and Theorem [1] whose proofs can be found in the Ap- 
pendix, show that: (i) when constructing an admissible transformation sequence 
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Pq, . . . , Pn, the application of the transformation rules preserves the local stratifi- 
cation a for the initial program Pq and, thus, all programs in the transformation 
sequence are locally stratified w.r.t. a, and (ii) any admissible transformation se- 
quence preserves the perfect model of the initial program. 

Lemma 1 {Preservation of Local Stratification) 

Let Po be a locally stratified w-program, cr be a local stratification for Fqj and 
Pqj ■ ■ ■ , Pn be an admissible transformation sequence. Then the programs PoUDe/s„, 
Pi, . . . , Pn, are all locally stratified w.r.t. a. 

Theorem 1 [Correctness of Admissible Transformation Sequences) 
Every admissible transformation sequence is correct. 

Now let us make a few comments on Condition (2) of Definition [5] and related 
conditions presented in the literature. Transformation sequences of stratified pro- 
grams over finite terms constructed by using rules Rl, R3, and R6 have been first 
considered in (jSeki 199ip . In that paper there is a sufficient condition, called (F4), 
for the preservation of the perfect model. Condition (F4) is like our Condition (2) 
except that (F4) does not require the cr-maximality of the atom w.r.t. which pos- 
itive unfolding is performed. A set of transformation rules which includes also the 
negative unfolding rule R4, was proposed in (jPettorossi and Proietti 2000)) for lo- 
cally stratified logic programs, and in (jFioravanti et al. 2004[) for locally stratified 
constraint logic programs. In (|Seki 2010[) Condition (F4) is shown to be insufficient 
for the preservation of the perfect model if rule R4 is used together with rules Rl , 
R3, and R6, as demonstrated by the following example. 

Example 2 

Let us consider the initial program Pq = {m ^^, e^— -im, e^— e}. By rule Rl 
we introduce the clause (5i: / <— tti A -le and we derive program Pi — Pq[J{5i\ and 
Defsi = {(5i}. By rule R3 we unfold 5i w.r.t. m and we get the clause 82'- f ^ ~^e. 
We derive program P2 = Po U {8i\- Thus, Condition (F4) is satisfied. By rule R4 we 
unfold 61 w.r.t. -le and we get S3: f -(^ m A -le. We derive program P3 — Pq U {S^}. 
By rule R6 we fold clause ^3 using clause Si, and we get S4: f ^r- f. We derive 
program P4 = Pq U {^4} and Defs^ = {Si}. We have that / e M(Po U Defs^) and 
/ ^ M(P4). Thus, the transformation sequence Pq, . . . , P4 is not correct. 

In order to guarantee the preservation of the perfect model semantics, (jSeki 2010[) 
has proposed the following stronger applicability condition for negative unfolding: 

Condition (NU) : the negative unfolding rule R4 can be applied only if it does not 
increase the number of positive occurrences of atoms in the body of any derived 
clause. 

Indeed, in the incorrect transformation sequence of Example [2] the negative un- 
folding does not comply with this Condition (NU). However, Condition (NU) is 
very restrictive, because it forbids the unfolding of a clause w.r.t. a negative lit- 
eral -ij4 when the body of a clause defining A contains an occurrence of a nega- 
tive literal. Unfortunately, many of the correct transformation strategies proposed 
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in (jPettorossi and Proietti 2000l IFioravanti et al. 2004^ would be ruled out if Con- 
dition (NU) is enforced. Our Condition (2) is more liberal than Condition (NU) 
and, in particular, it allows us to unfold w.r.t. a negative literal ^A also if the body 
of a clause defining A contains occurrences of negative literals. The following is an 
example of a correct, admissible transformation sequence which violates Condition 
(NU). 

Example 3 

Let us consider the initial program P^ = {e?;e7t(0) <— , even{s{s{X))) ^ even{X)^ 
odd{s{0)) <~, odd{s{X)) ^ -i odd{X)} and the transformation sequence we now 
construct starting from Pq. By rule Rl we introduce the following clause 

Si: p ^ even{X) A -■ odd{s{X)) 
and we derive Pi = Pq U {5i}. By taking a local stratification function a such that, 
for all ground terms ti and ^2, cr(p) = a{even{ti)) > a{odd{t2)), we have that Ji 
is cr-tight and even{X) is a cr-maximal atom in its body. By unfolding 5i w.r.t. 
even{X) we derive P2 — PqL) {62,33}, where 

62: p ^ ^ odd{s{0)) 

S3: p ^ even{X) A -1 odd{s{s{s{X)))) 
By unfolding, clause 82 is removed and we derive P3 = Pq U {(^a}. By unfolding ^3 
w.r.t. ^odd{s{s{s{X)))) we derive ^4 = -Pq U {5^}, where 

^4: p <- even{X) A odd{s{s{X))) 
By unfolding ^4 w.r.t. odd{s{s{X))), we derive P^ — P^yj {^5}, where 

^5: p <r- even{X) A -1 odd{s{X)) 
By applying rule R6, we fold clause ^5 using clause 5i and derive the final program 
Pe = ^0 U {5q}, where 

5&- P ^ P- 
The transformation sequence Pq, . . . , Pq is admissible and, thus, correct. In partic- 
ular, the application of rule R6 satisfies Condition (2) of Definition [5] because Si is 
(T-tight and ^5 is a descendant of ^3 which has been derived by unfolding w.r.t. a 
(7- maximal atom whose predicate occurs in Pp. 

Note that, Pq,...,Pq violates Condition (NU) because, by unfolding clause ^3 
w.r.t. -^odd{s{s{s{X)))), the number of positive occurrences of atoms in the body 
of the derived clause (54 is larger than that number in ^3. 

Finally, note that the incorrect transformation sequence of Example [2] is not 
an admissible transformation sequence in the sense of our Definition [Sj because it 
does not comply with Condition (2). Indeed, consider any local stratification a. 
The atom m is not cr-maximal in m f\ -le because e depends on -im and, hence, 
cr(-ie) >a{m). Thus, the positive folding rule R6 is applied to the clause ^3 which 
is not a descendant of any clause derived by unfolding w.r.t. a cr-maximal atom. 



5 Verifying Properties of w-Programs by Program Transformation 

In this section we will outline a general method, based on the transformation rules 
presented in Section [3l for verifying properties of w-programs. Then we will see 
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our transformation-based verification metliod in action in tfie proof of: (i) the non- 
emptiness of the language accepted by a Biichi automaton, and (ii) containment 
between cj-regular languages. 

We assume that we are given an cj-program P defining a unary predicate prop of 
type ilist, which specifies a property of interest, and we want to check whether 
or not M{P) \= 3X prop{X). Our verification method consists of two steps. 

Step 1. By using the transformation rules for w-programs presented in Section [3] we 
derive a monadic w-program T (see Definition [5] below), such that 
M{P) h 3Xprop{X) iff M{T) \= 3X prop{X). 

Step 2. We apply to T the decision procedure of (IPettorossi et al. 2010p for monadic 
w-programs and we check whether or not M{T) \= 3X prop{X). 

Our verification method is an extension to cj-programs of the transformation- 
based method for proving properties of logic programs on finite terms presented 
in (jPettorossi and Proietti 2000p . Furthermore, our method is more powerful than 
the transformation-based method for verifying CTL* properties of finite state re- 
active systems presented in (jPettorossi et al. 2010p . Indeed, at Step 1 of the verifi- 
cation method proposed here, (i) we start from an arbitrary w-program, instead of 
an w-program which encodes the branching time temporal logic CTL* , and (ii) we 
use transformation rules more powerful than those in ([Pettorossi et al. 2010[) . In 
particular, similarly to (jPettorossi and Proietti 2000J) . the rules applied at Step 1 
allow us to eliminate the existential variables from program P, while the transfor- 
mation presented in (jPettorossi et al. 2010p consists of a specialization of the initial 
program w.r.t. the property to be verified. 

Note that there exists no algorithm which always succeeds in transforming an 
w-program into a monadic w-program. Indeed, (i) the problem of verifying whether 
or not, for any w-program P and unary predicate prop, M{P) \= 3X prop[X) is 
undecidable, because the class of w-programs includes the locally stratified logic 
programs on finite terms, and (ii) the proof method for monadic w-programs pre- 
sented in (jPettorossi et al. 2010p is complete. However, we believe that automatic 
transformation strategies can be proposed for significant subclasses of w-programs 
along the lines of (jProietti and Pettorossi 1995| IPettorossi and Proietti 2000|) . 

Definition 6 [Monadic lu-Programs) 

A monadic w-clause is an w-clause of the form ^o ■^ ^i A . . . A L„i, with tti > 0, 
such that: (i) Ag is an atom of the form po or go([s|^ol), where qq is a predicate of 
type ilist and s G E, (ii) for i^l, ..., m, Li is either an atom Ai or a negated atom 
—lAi, where Ai is of the form pi or qi{Xi), and qi is a predicate of type ilist, and 
(iii) there exists a level mapping £ such that, for z = 1, . . . , tti, if L^ is an atom and 
vars{Ao) ^ vars{Li), then £{Ao)>£{Li) else £{Ao)>£{Li). A monadic oj-program is 
a finite set of monadic w-clauses. 

Example 4 {Non-Emptiness of Languages Accepted by Biichi Automata) 
In this first application of our verification method, we will consider Biichi automata, 
which are finite automata acting on infinite words (jThomas 1990p . and we will check 
whether or not the language accepted by a Biichi automaton is empty. It is well 
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known that this verification problem has important applications in the area of model 
checking (see, for instance, (jClarke et al. 1999| ). 

A Biichi automaton ^ is a nondeterministic finite automaton (S, Q, qo,d^ F), 
where, as usual, S is the input alphabet, Q is the set of states, go is the initial 
state, S C QxT,xQ is the transition relation, and F is the set of final states. A run 
of the automaton A on an infinite input word w = bq ai . . . G S" is an infinite 
sequence p = po Pi • ■ ■ G <?" of states such that po is the initial state go and, for 
all n>0, (p„, a„,p„-fi) G S. Let Inf[p) denote the set of states that occur infinitely 
often in the infinite sequence p of states. An infinite word w G E'^ is accepted by A 
if there exists a run p of ^ on w such that Inf{p) n F ^ or, equivalently, if there 
is no state pm in P such that every state p„, with n > m, is not final. The language 
accepted by A is the subset of E", denoted C{A)^ of the infinite words accepted 
by A. In order to check whether or not the language C{A) is empty, we construct 
an oj-program which defines a unary predicate accepting_run such that: 

(a) C{A) 7^ \S 3X accepting_run{X) 

The predicate accepting_run is defined by the following formulas: 

(1) accepting _run{X) =def run{X) A -> rejecting(X) 

(2) run{X) =def 35" (occ(0, X, S) A initial[S)) A 

VAf V5i \/S2 {nat{N) A occ{N , X, 5i) A occ(s{N), X, S2) ^ 3A tr{Si, A, S2))) 

(3) rejecting{X) =def3M{nat{M) A\/N\/S{geq{N ,M) Aocc{N ,X , S) -^ ^ final{S))) 

where, for all n > 0, for all p = po pi . . . G Q", for all g, gi, g2 G Q, for all a G E, 
(i) occ(s"'(0),p, g) iff p„ = g, (ii) initial{q) iff g = go, (iii) nat{s"'{0)) iff n > 0, 
(iv) tr{qi, a, g2) iff (gi, a, g2} G (5, (v) geg(s"(0), s'"(0)) iff n > m, and (vi) final{q) 
iS qeF. 

By (a) and (l)-(3) above, C{A) 7^ iff there exists an infinite sequence p = 
Po pi ■ . ■ G Q'^ of states such that: (i) po is the initial state go, (ii) for all n > 0, 
there exists a G S such that (p„,a,p„+i) G S (see (2)), and (iii) there exists no 
state pm, with m>0, in p such that, for all n>m, pn ^ F (see (3)). 

Now we introduce an w-program F^ defining the predicates accepting_run, run, 
rejecting, nat, occ, and geq. In particular, clause 1 corresponds to formula (1), 
clauses 2-4 correspond to formula (2), and clauses 5 and 6 correspond to formula (3). 
(Actually, clauses 1-6 can be derived from formulas (1)~(3) by applying the Lloyd- 
Topor transformation ( [Lloyd 1987[ ).) In program P4 any infinite sequence popi- . • 
of states is represented by the infinite list [po, pi, . . .] of constants. 

Given a Biichi automaton A = (E, Q, go, 6, F), the encoding w-program P_a con- 
sists of the following clauses (independent of A): 

1. accepting _run{X) <— run{X) A -< rejecting{X) 

2. run{X) ^ occ(0, X, 5*) A initial{S) A -> not_a-run{X) 

3. not_a.run{X) ^ nat{N) A occ{N ,X ,Si) A occ(s(7V),X,52) A ^ exists Jr{Si,S2) 

4. exists J,r{S I, S2) <— tr{Si, A,S2) 

5. rejecting(X) <r- nat{M) A -> exists-fi,nal{M , X) 

6. exists.final{M , X) ^ geq{N, M) A occ{N , A, 5") A final{S) 

7. nat{Q) ^ 
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8. nat{s{N)) ^ nat{N) 

9. occ{Q,lS\Xl,S)^ 

10. occ{s{N), IS\X\,R) ^ occ{N, X, R) 

n.geq{N,0)^ 

12. geq{s{N),s{M})^geq{N,M) 

together with the clauses (depending on A) which define the predicates initial, tr, 
and final, where: for all states s, si, S2 £ Q, for all symbols a e E, (i) initial(s) holds 
iff s is go, (ii) tr{si,a,S2) holds iff {si, a, 82)^6, and (iii) final{s) holds iff sGf. 

The w-program Pj^ is locally stratified w.r.t. the stratification function a defined 
as follows: for every atom A in B^, (j{A) = 0, except that: for every element n in 
{s (0) I fc>0}, for every infinite list p in Q", (i) a{rejecting{p)) — <T{not_a_run{p)) — 
a{nat{n)) = l, and (ii) a{run{p))= a {accepting _run{p)) — 2. 

Now, let us consider a Biichi automaton A such that: 

I]-{a, b], Q = {1,2], go = l, 6 = {{l, a,l), (1, &,1), (1, a,2), (2, a,2}}, f = {2} 
which can be represented by the following graph: 

a, b 



-& 



For this automaton A, program P_a consists of clauses 1-12 and the following 
clauses 13-18 that encode the initial state (clause 13), the transition relation 
(clauses 14-17), and the final state (clause 18): 

13. initial (!) ^ U. tr{l,a,l) ^ 15. ir(l, 6, 1) ^ 

16. tr(l,a,2) ^ 17. tr(2, a, 2) ^ 18. final (2) ^ 

In order to check whether or not C{A) = we proceed in two steps as indicated at 
the beginning of this Section [3 In the first step we use the rules of Section |3] for 
transforming the w-program P_4 into a monadic w-program T. This transformation 
aims at the elimination of the existential variables from clauses 1-6, with the ob- 
jective of deriving unary predicates of type ilist. We start from clause 6 and, by 
instantiation of the variable X of type ilist, we get: 

19. exists_final{M, |1|X]1) ^ geq{N,M) A occ{N , ll\X\, S) N final{S) 

20. exists_final{M , |2|X]1) ^ geq{N, M) A occ{N , [2|X], S)Afinal{S) 

By some unfolding and subsumption steps, from clauses 19 and 20 we get: 

21. exists.final{0, |1|X]) ^ occ{N , X , S) A final{S) 

22. exists.final{s{M), ll\Xl) ^ geq{N , M) A occ{N , X , S) A final{S) 

23. exists_final{{), |2|X]1) 4- 

24. exists_final{s{M), 12\X\) ^ geq{N , M) A occ{N , X , S) A final{S) 

Note that clauses 21-24 are descendants of clauses derived by unfolding clauses 19 
and 20 w.r.t. the a-maximal atom geq{N , M). By rule Rl, we introduce: 

25. newi{X) ^ occ{N , X , S) A final{S) 

This clause is cr-tight by taking, for every infinite list p of states, a{newi{p)) =0. 
By folding clause 21 using clause 25, and folding clauses 22 and 24 using clause 6 
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(indeed, without loss of generality, we may assume that clauses 1-6 have been 
introduced by rule Rl), we get: 

26. exists.final{0, [1|X]1) ^ newi{X) 

27. exists.final{s{M), ll\Xj) <r- exists_final{M, X) 

28. exists.finalis{M),l2\Xl) ^ exists.final{M , X) 

By instantiation of the variable X and by some unfolding and subsumption steps, 
from clause 25 we get: 

29. newi(|l|X|) ^ occ{N , X , S) A final^S) 

30. newi(|2|X]]) ^ 

Note that clause 29 is a descendant of clause 25, that has been unfolded w.r.t. the 
cr-maximal atom occ{N, X, S). By folding clause 29 using clause 25 we get: 

31. newi{ll\Xi) i~ newi{X) 

At this point we have obtained the definitions of the predicates exists_final and 
newi (that is, clauses 23, 26-28, 30, and 31) that do not have existential variables. 
Now the transformation of program P^ proceeds by performing on clauses 1-5 
a sequence of transformation steps, which is similar to the one we have performed 
above on clause 6 for eliminating its existential variables. By doing so, we get: 

32. accepting_run{ll\X^) ■<— -> not_a_run{X) A newi{X) A -'rejecting(X) 

33. rMn(|l|X]) ^ -^ not_a_run{X) 

34. not_a-run{ll\Xl) -(r- not_a_run{X) 

35. not.a.run{l2\X\) ^ new2{X) 

36. not_a-run{^\X\) <— not_a-run{X) 

37. new2{il\Xl) ^ 

38. rejecting{ll\Xl) ^ -^newi{X) 

39. rejecting{ll\X\) •<— rejecting{X) 

40. rejecting{l2\X\) ^ rejecting{X) 

The final oj-program T obtained from program P^, consists of clauses 30-40 and 
it is a monadic w-program. 

Now, in the second step of our verification method, we check whether or not 
3X accepting _run{X) holds in M{T) by applying the proof method of (jPettorossi et al. 2010[) . 
We construct the tree depicted in Figure [TJ where the literals occurring in the two 
lowest levels are the same (see the two rectangles) and, thus, we have detected an in- 
finite loop. According to the conditions given in Definition 6 of (jPettorossi et al. 2010[) , 
this tree is a proof of 3X accepting_run{X). The run p= 12" is a witness for X and 
corresponds to the accepted word a'^ . Thus, C{A) / 0. 

Example 5 [Containment Between uj-Regular Languages) 

In this second application of our verification method, we will consider regular sets 
of infinite words over a finite alphabet S (jThomas 1990P . These sets are denoted 
by oj-regular expressions whose syntax is defined as follows: 

e ::— a | 6162 | 61 + 62 [ e* with a £ S (regular expressions) 

/ ::— e'^ \ eie^ | /1+/2 (w-regular expressions) 
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Figure 1. Proof of 3X accepting _run{X) w.r.t. the monadic w-program T. On the 
right we have shown the infinite loop and the associated accepting run 122" (that 
is, 12"). 



Given a regular (or an w-regular) expression r, by C{r) we indicate the set of 
all words in E* (or S", respectively) denoted by r. In particular, given a regular 
expression e, we have that >C(e") = {wqWi ... e S" | for i>0,Wi G £(e)CS*}. 

Now we introduce an w-program, called Pf, which defines the predicate uj-acc 
such that for any w-regular expression /, for any infinite word w, uj-acc{f , w) holds 
iff w G C{f). Any infinite word oofli ... G S" is represented by the infinite list 
|ao, fli, . . .| of symbols in E. The w-program Pf is made out of the following clauses: 

1. acc{E, [E]) ^ symb{E) 

2. acc{EiE2, X) ^ app{Xi,X2, X) A acc{Ei,Xi) A acc{E2,X2) 

3. acc{Ei + E2,X) ^ acc{Ei,X) 

4. acc{Ei + E2,X) ^ acc{E2,X) 

5. acc{E*,[]) ^ 

6. acc{E*,X) ^ app{Xi,X2,X) A acc{E,Xi) A acc{E* , X2) 

7. uj-acc{Fi + F2,X) ^ uj-acc{Fi, X) 

8. uj-acc{Fi + F2,X) ^ uj-acc{F2, X) 

9. uj-acc{E'^,X) ^ -n newi{E, X) 

10. uj-acc{EiE^, X) ^ prefix{X, N, Xi) A acc{Ei,Xi) A uj-accl{E^, Xi,X) 

11. newi{E,X) ^ nat{M) A ^ new2{E, M , X) 

12. new2{E,M,X) ^ geq{N , M) A prefix{X , N , V) A acc{E* , V) 

13. uj-accl{E,[],X) ^uj-acc{E,X) 

14. Lo-accl{E, [H\ T], lH\Xl) ^ uj-accl{E, T, X) 
15.geqiN,0)^ 

16. geq{s{N), s{M)) ^ geq{N , M) 

17. nat{{)) ^ 

18. nat{s{N)) ^ nat{N) 

19. prefix{X,0,[]) ^ 

20. prefix{lS\Xl s{N), [S\ Y]) ^ prefix{X, N, Y) 

21. appiil Y, Y) ^ 

22. app{[S\X], Y, [S\Z]) ^ app{X , Y, Z) 

together with the clauses defining the predicate symb, where symb(a) holds iff a G E. 
We have that prefix{X, N, Y) holds iff Y is the list of the N (>0) leftmost symbols 
of the infinite list X. Clauses 1-6 stipulate that, for any finite word w and regular 
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expression e, acc{e, w) holds iff w S jO-{e). Analogously, clauses 7-14 stipulate that, 
for any infinite word w and w-regular expression /, uj-acc{f, w) holds iff w e J^if)- 
In particular, clauses 9, 11, and 12 correspond to the following definition: 

LJ-aCc{E'^,X) =def 

\/M{nat{M) -^ 3N3 V{geq{N, M) A prefix {X , N, V) A acc{E\ V))) 

The w-program Pf is stratified and, thus, locally stratified. 

Now, let us consider the w-regular expressions /i =^gf a" and /2 ^^^gf (&*«)"■ 
The following two clauses: 

23. expr-^{X) ^ uj-acc{a" ,X) 24. expr^iX) ^ uj-acc{{b* a)'^ , X) 

together with program Pf , define the predicates expri and expr2 such that, for every 
infinite word w, expri('w) holds iff w S C{fi) and expr2{'w) holds iff w G ^{h)- If 
we introduce the following clause: 

25. not_contained{X) •<— expri(X) A ^ expr2{X) 

we have that C{fi) C ^(/a) iff M{Pf U{23, 24, 25}) ^ 3Xnot_contained{X). By per- 
forming a sequence of transformation steps which is similar to the one we have per- 
formed in Example m from program Pf U {23, 24, 25} we get the following monadic 
w-program T: 

26. not_contained{la\Xl) -S— -^new3{X) A newi{X) 31. new5(|a|X|) ■<— newi{X) 

27. newsilalXj) ^ newsiX) 32. newr,{lb\xl) ^ new^iX) 

28. new3ilb\Xj) ^ 33. new5(|[6|X]l) i-^newe{X) 

29. net/;4(|a|XI) ^ new^iX) 34. newe{la\Xl) ^ 

30. new4{lb\Xj) <- new^iX) 35. newgCI&l^l) ^ rieW6(X) 
By using the proof method for monadic w-programs of (jPettorossi et al. 20101) we 
have that M{T) ^ 3X not_contained{X) and, thus, C{fi) C L{f2). 

6 Related Work and Conclusions 

There have been various proposals for extending logic programming languages to in- 
finite structures (see, for instance, (|Colmerauer 1982 l |Lloyd 1987||Min and Gupta 2010[ 
ISimon et al. 2006| ). In order to provide the semantics of infinite structures, these 
languages introduce new concepts, such as complete Herbrand interpretations, ra- 
tional trees, and greatest models. Moreover, the operational semantics of these lan- 
guages requires an extension of SLDNF-resolution by means of equational reasoning 
and new inference rules, such as the so-called coinductive hypothesis rule. 

On the contrary, the semantics of w-programs we consider in this paper is very 
close to the usual perfect model semantics for logic programs on finite terms, and 
we do not define any new operational semantics. Indeed, the main objective of this 
paper is not to provide a new model for computing over infinite structures, but 
to present a methodology, based on unfold/fold transformation rules, for reasoning 
about such structures and proving their properties. 

Very little work has been done for applying transformation techniques to logic 
languages that specify the (possible infinite) computations of reactive systems. No- 
table exceptions are (jUeda and Furukawa 1988|) and (jEtalle et al. 2001]) . where the 
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unfold/fold transformation rules have been studied in the context of guarded Horn 
clauses (GHC) and concurrent constraint programs (CCP). However, GHC and 
CCP programs are definite programs and do not manipulate terms denoting infi- 
nite lists. 

The transformation rules presented in this paper extend to w-programs the rules 
for general programs proposed in (jFioravanti et al. 20041 IPettorossi and Proietti 20001 
IRoychoudhury et al. 2002{ [SeknOQll ISeki 2010p . In Sections [3] and g] we discuss in 



detail the relationship of the rules in those papers with our rules here. 

In Section [5] we have used our transformation rules for extending to infinite lists 
a verification methodology proposed in (jPettorossi and Proietti 2000p and, as an 
example, we have shown how to verify properties of the infinite behaviour of Biichi 
automata and properties of w-regular languages. This extends our previous work 
(see (jPettorossi et al. 2010[) ). as already iUustrated at the beginning of Section [5l 

The verification methodology based on transformations we have proposed here is 
very general. It can be applied to the proof of properties of infinite state reactive 
systems; thus it goes beyond the capabilities of finite state model checkers. The 
focus of our paper has been the proposal of correct transformation rules, that is, 
rules which preserve the perfect model, while the automation of the verification 
methodology itself is left for future work. This automation requires the design of 
suitable transformation strategies that can be defined by adapting to w-programs 
some strategies already developed in the case of logic programs on finite terms (see, 
for instance, (jProietti and Pettorossi 19951 IPettorossi and Proietti 2000p V 

Many other papers use logic programming, possibly with constraints, for speci- 
fying and verifying properties of finite or infinite state reactive systems (see, for in- 
stance, (|Abadi and Manna 19891 IDelzanno a nd Podelski 2001; Fribourg and Ol sen 1997[ 
IJafi^ar et al. 2004ULeuschel and Massart 2000tiNilsson and Liibcke 2000iiRamakrishna et al. 1997p ). 
but they do not consider terms which explicitly represent infinite structures. As we 
have seen in the examples of Section [SI infinite lists are very convenient for speci- 
fying those properties and the use of infinite lists avoids ingenious encodings which 
would have been otherwise required. 
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Appendix A Proofs for Section |4] 

We start off by showing that admissible transformation sequences preserve the focal 
stratification a for the initial program Pq as stated in the following lemma. 

Lemma [T] (Preservation of Local Stratification) 

Suppose that Po is a locally stratified w-program, cr is a local stratification for Pq, 
and Pq, Pi, . . . , Pn is an admissible transformation sequence. Then the programs 
Pq U Defsn, Pi, ■ . ■ , Pn are locally stratified w.r.t. a. 

Proof 

Since Pq, . . . , F„ is an admissible transformation sequence, every definition in Defs^ 

is locally stratified w.r.t. a (see Point (1) of Definition [5]) . Since, by hypothesis, Pq 

is locally stratified w.r.t. a, also Pq U Defs^ is locally stratified w.r.t. a. 

Now we will prove that, for k ~ 0, . . . ,n, Pk is locally stratified w.r.t. a by induction 

on k. 

Basis {k — 0). By hypothesis Pq is locally stratified w.r.t. a. 

Step. We assume that Pk is locally stratified w.r.t. a and we show that Pk+i is 
locally stratified w.r.t. a. We proceed by cases depending on the transformation 
rule which is applied to derive Pk+i from P^- 

Case 1. Program Pk+i is derived by definition introduction (rule Rl). We have that 
Pk+i = Pk^ {<5i, . . . ,5m\, where Pk is locally stratified w.r.t. a by the inductive 
hypothesis. Since Pq, . . . ,Pn is an admissible transformation sequence, {5i, . . . ,5,n] 
is locally stratified w.r.t. a (see Point (1) of Definition [5]) . Thus, Pk+i is locally 
stratified w.r.t. a. 

Case 2. Program Pk+i is derived by instantiation (rule R2). We have that Pk+i = 
{Pk — {7}) U {71, . . . , 7ft,}, where 7 is the clause H <— B and, for i = 1, . . . ,h, ji is 
the clause {H ^ B){X /ls^\Xj}. 

Take any i E {I,. . . ,h}. Let L{X/|si|X]} be a literal in the body of 7^ . Let v be any 
valuation and v' be the valuation such that v'{X) = |si|w(X)| and v'{Y) = v{Y) 
for every variable Y different from X . We have: 

a{v{H{X/ls,\Xj})) =ct{v'{H)) (definition of w') 

> a{v'{L)) (7 is locally stratified w.r.t. cr) 

= alv{L{X/ls^ \Xj})) (definition of v') 

Thus, 7i is locally stratified w.r.t. a. Hence, Pk+i is locally stratified w.r.t. a. 

Case 3. Program Pk+i is derived by positive unfolding (rule R3). We have that 
Pk+i — {Pk — {7}) U {771, . . . ,r]m}, where 7 is a clause in Pk of the form H ^ 
Gl /\ A /\ Gr and clauses 771, . . . , ?]„ are derived by unfolding 7 w.r.t. A. Since, by 
the induction hypothesis, {Pk — {7}) is locally stratified w.r.t. cr, it remains to show 
that, for i = 1, . . . ,m, clause rji is locally stratified w.r.t. a. For i = 1, . . . ,m, rji 
is of the form (-ff <— Gl /\ Bi /\ Gii)'di, where 7^: Ki <— Bi is a clause in a variant 
of Pk such that 7^ has no variable in common with 7 and ASi — Ki-di. Take any 
valuation v and let v' be a valuation such that, for every variable X occurring in 7 
or7„ v'{X) = v{Xd,). 



18 A. Pettorossi, M. Proietti, and V. Senni 

Let Gl A Bi A Gr be the conjunction of s (> 0) literals Li, . . . , Lg. Without loss 
of generality, we assume that Gl A Gr is Li A ... A Lr and Bi is Lr+i A . . . A Lg, 
with < r < s. 
For j = 1, . . . , r, we have: 

(j{v{Hd,)) ^ (tW{H)) (definition of v') 

> a{v'{Lj)) (7 is locally stratified w.r.t. a) 
= a{v{Lj'di)) (definition of v') 

For i = r + 1, . . . , s, we have: 

(j{v{Hd,)) = <jW{H)) (definition of v') 

> (j{v'{A)) (7 is locally stratified w.r.t. <t) 

— a{v'{Ki)) (definition of v' and because Adi = Kidi) 

> a{v' {Lj)) (7i is locally stratified w.r.t. a) 
= a{v{Ljdi)) (definition of v') 

Thus, the clause rji is locally stratified w.r.t. a. 

Case 4. Program Pk+i is derived by negative unfolding (rule R4). We have that 
Pk+i = {Pk — {7}) U {?7i, . . . ,771-}, where 7 is a clause in Pk of the form H ■(— 
Gl a ^A a Gr and clauses rji, . . . ^7]r are derived by negative unfolding 7 w.r.t. -^A. 
Since, by the inductive hypothesis, {Pk — {7}) is locally stratified w.r.t. a, it remains 
to show that, for j = 1, . . . , r, clause rjj is locally stratified w.r.t. a. 

Let 71 : Ki <— _Si , . . . , 7^ : Km ^— Bm be the clauses in a variant of Pk such 
that, for i = 1, . . . , 771, A — Kidi for some substitution di. Then, for j = 1, . . . , r, rjj 
is of the form H ■<— Lji A ... A Ljg and, by construction, for p = 1, . . . , s, Ljp is a 
literal such that either (Case a) Ljp is an atom that occurs positively in Gl A Gij, or 
(Case b) Ljp is a negated atom that occurs in Gl A Gr, or (Case c) Ljp is an atom 
M and -^M occurs in Sit^i, for some i G {1, . . . , m}, or (Case d) Ljp is a negated 
atom ^M and M is an atom that occurs positively in Bidi, for some i G {1, . . . , m}. 

Take any j e {l,...,/i}. Take any p G {l,...,s}. Take any valuation v. In 
Cases (a) and (b) we have a{v{H)) > a{v{Ljp)) because, by the inductive hypoth- 
esis, 7 is locally stratified w.r.t. a. In Case (c) we have: 

<t{v{H)) > <t{v{A)) (7 is locally stratified w.r.t. a and 

-^A occurs in the body of 7) 
= a{v{K,d,)) {A - K,d,) 

> a{v{Ljp)) (7i is locally stratified w.r.t. a) 

In Case (d) we have: 

a{v{H)) > <t{v{A)) + 1 (7 is locally stratified w.r.t. a and 

-^A occurs in the body of 7) 
= a{v{K,d,)) + l {A^K,^,) 

> a{v{Ljp)) + 1 (7i is locally stratified w.r.t. n) 

Thus, rjj is locally stratified w.r.t. a. Hence, Pk+i is locally stratified w.r.t. a. 

Case 5. Program Pk+i is derived by subsumption (rule R5). Pk+i is locally stratified 
w.r.t. a by the inductive hypothesis because Pk+i C Pk. 

Case 6. Program Pk+i is derived by positive folding (rule R6). We have that Pk+i — 
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{Pk — {7}) U {t]}, where 77 is a clause of the form _ff <— B^ A K-d A Bji derived by 
positive folding of clause 7 of the form H -^ Bl /\ Ed A Br using a clause 5 of the 
form K -^ B G Defs)^. We have to show that 77 is locally stratified w.r.t. a, that 
is, for every valuation v, a{v{H)) > a{v{K)'d). 

Take any valuation v. By the inductive hypothesis, since 7 is locally stratified 
w.r.t. cr, we have that: (a) for every literal L occurring in B^ A B-d A Br, we have 
aiv{H))>aiv{L)). 

By the applicability conditions of rule R6, clause S is the unique clause defining 
the predicate of its head and, by the hypothesis that the transformation sequence is 
admissible, this definition is cr-tight (see Point (2) of Definition [S|) . Thus, for every 
valuation v' , we have that: (1) for every L in B, a{v'{K)) > a-{v'{L)), and (2) there 
exists an atom ^ in i? such that a{v'{K)) = a{v'{A)). 

Let the valuation v' be defined as follows: for every variable X, v'{X) = v{Xi!}). 
Then, we have that: (^ • 1) for every L in B, a{v{K-d)) > a{v{L-d)), and (/3 • 2) there 
exists an atom ^ in i? such that a{v{K-d)) — a{v{A'd)). Thus, from (a), (/3 • 1), 
and (/3 • 2), we get that a{v{H)) > a{v{K-d)). Hence, 77 is locally stratified w.r.t. a. 

Case 7. Program Pk+i is derived by negative folding (rule R7). We have that 
Pk+i — {Pk — {7}) U {t]} and, by the hypothesis that the transformation sequence 
is admissible, 77 is locally stratified w.r.t. a (see Point (3) of Definition [5|) . D 

In the rest of this Appendix we will consider: 
(i) a local stratification a : B^^ ^i' W, 

(ii) an w-program Pq which is locally stratified w.r.t. a, and 
(iii) an admissible transformation sequence Pq, . . . , Pn- 

Definition 7 {Old and New Predicates, Old and New Literals) 

Each predicate occurring in Pq is called an old predicate and each predicate intro- 
duced by rule Rl is called a new predicate. An old literal is a literal with an old 
predicate. A new literal is a literal with a new predicate. 

Thus, the new predicates are the ones which occur in the heads of the clauses of 
Defs^. 

Without loss of generality, we will assume that the admissible transformation 
sequence Pq, . . . , P„ is of the form Pq, . . . , Pd, . . . , Pn, with 0<d<n, where: 

(1) the sequence Pq, . . . , Pd, with d > 0, is constructed by applying d times the 
definition introduction rule, and 

(2) the sequence Pd, ■ ■ ■ , Pn, is constructed by applying any rule, except the defi- 
nition introduction rule Rl. 

Thus, Pd = PqU Defs^. In order to prove the correctness of the admissible transfor- 
mation sequence Pq, . . . , Pn (see Proposition [T] below) we will show that M{Pd) = 
M{Pn). In order to prove Proposition [1] we introduce the notion of a proof tree 
which is the proof-theoretic counterpart of the perfect model semantics (see Theo- 
rem [2] below) . A proof tree for an atom A G B^i and a locally stratified w- program 
P is constructed by transfinite induction as indicated in the following definition. 
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Definition 8 {Proof Tree for Atoms and Negated Atoms) 

Let A be an atom in B^^j, let f be a locally stratified aj-program, and let ct be a local 
stratification for P . Let PT^a denote the set of proof trees for H and P, where 
H gB^ and a{H) < a{A). 

A proof tree for A and P is a finite tree T such that: 
(i) the root of T is labeled by A, 
(ii) a node N oi T has children labeled by Li , . . . , L^ iff -^ is labeled by an atom 

H G Buj and there exist a clause 7 e P and a valuation v such that v^j) is 

H <^ Li A . .. A Lr, and 
(iii) every leaf of T is either labeled by the empty conjunction true or by a negated 

atom ^H, with H ^ B^, such that there is no proof tree for H and P in PT^a- 
Let A be an atom in Bi^ and P be a locally stratified cj-program. 
A proof tree for ^A and P exists iff there are no proof trees for A and P. There 
exists at most one proof tree for -^A and P and, when it exists, it consists of the 
single root node labeled by ^A. 

Remark 1 

(i) For any A ^ B^ ii there is a proof tree for A and P, then there is no proof tree 

for -lyl and P. 

(ii) In any proof tree if a node H is an ancestor of a node A then <j{H) > a-{A). 

The following theorem, whose proof is omitted, shows that proof trees can be 
used for defining a semantics equivalent to the perfect model semantics. 

Theorem 2 (Proof Tree and Perfect Model) 

Let P be a locally stratified oj-program. For every A ^ B^, there exists a proof tree 

for ^ and P iff ^ G M{P). 

In order to show that M(Pd) = M{Pn), we will use Theorem [2] and we will show 
that, given any atom A G Buj, there exists a proof tree for A and Pd iff there exists 
a proof tree for A and P„ . 

In the following, we will use suitable measures which we now introduce. 

Definition 9 {Three Measures: size, weight, /i) 

(i) For any proof tree T, size{T) denotes the number of nodes in T labeled by 

atoms in B^^. 
(ii) For any atom A G B^^, the ordinal (j{A) is said to be the stratum of A. 

For any ordinal a £ W , for any proof tree T, weight{a, T) is the number of 

nodes of T whose label is an atom with stratum a. (Recall that true, that is, 

the empty conjunction of literals, is not an atom.) 
(iii) For any atom ^ e Bi^, we define: 

min-weight{A) =fipf TiAn{weight{a, T) \ a{A)—a and 

T" is a proof tree for A and P^}. 

(iv) For any atom A £ B^j such that there exists at least a proof tree for A and Pd , 
we define: 

li{A) —figf {o'{A), min-weight{A)) if A is an old atom 
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fJ-{A) — ripf (f(^), min-weight{A) — 1) if A is a. new atom 
(v) For any atom A ^ B^ such that there exists no proof tree for A and Pd^ we 
define: 

Remark 2 

(i) // A is an old atom then min-weight{A) > else min-weight(A) > 0. 

(ii) For any atom A e B^^, fJ.{A) is undefined if there is no proof tree for A and P^;. 

Now we extend fi to conjunctions of hterals. First, we introduce the binary op- 
eration ©: (WxN)^— 7'(FFxN), where W is the set of countable ordinals and N 
is the set of natural numbers, defined as follows: 

{(ai, mi) if ai > a2 

(ai, mi + 7712) if ctx = a-i 

{012, m2) if a\ < a2 

or equivalently, 

(ai,mi) ® {a2, m2) = 

= (max(ai,a2), if a\ = a2 then mi + m2 else{if ai>a2 then mi else 7712)) 
Given a conjunction of literals Li A . . . A Lr such that, for i = 1, . . . ,r, with r > 1, 
there is a proof tree for Li and Pd, we define: 

n{Li A...ALr) =^gj ^i{Li) © • • • © fiiLr) 
For irwe, which is the empty conjunction of literals, we define: 
Hitrue) ^^^j (0,0) 

Note that the definition of fi{true) is consistent with the fact that true is the neutral 
element for A and, thus, n{true) should be the neutral element for ©, which is (0, 0). 
The following lemma follows from the definition of the measure /x. Recall that a 
new predicate can only be defined in terms of old predicates. 

Lemma 2 {Properties of fi for a Definition in Pd) 

Let (5 G -Pd be a cr-tight clause introduced by the definition rule Rl with m = 1, that 
is, 5 is the only clause defining the head predicate of 5 in Pd- Let w be a valuation 
and v{5) be of the form: K <- LiA. . .AL,. We have that: ^i.{K) = ^(Li)©. . .®fi{Lq). 

Proof 

Without loss of generality, we may assume that Li is an atom and o'{K) = (j{Li) 

because 5 is a-tight and, thus, Li is u-maximal. We have that: 

Thus 

fJ.{K) = {a{K), min-weight{K) — l). 

Now, min-weight{K) = {by definition of min-weight} = 

= imii{'weight{a{K) , Tk)} where Tk is a proof tree for K and Pd — 

= {by definition of weight (see also Figure [XT]) } = 

= (minE.^i,...,, weightiaiK), T,))+l 

where for z = 1, . . . , g, Ti is a proof tree for Li and Pd = 
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= {by definition of weight and Remark [T]} = 

= (minE,=i,...,9 A c7iL0=<T{K) weight{c7{K), T,)) + l = {by mmJ2 = E min} 

= {'E^=l,....,q A a{u)=a(K)™^-'^(^wht{Ul) + 1 = {by cr-tigfitness} = 

= (Ej=i,...,g A <T(L,)=<T(Li)™^-weJfffe<(i,)) + l. 
Thus, 
/i(7r) = (cr(Li), Ej=i,...,g A a(L,)=a(Lt)™'^-^^i9ht{L,)) = {by definition of ©} 

= ^l{Ll)®...®IJL[Lq). U 




Figure A 1. A proof tree for K and Pd- Tliere is a valuation v and a clause & E Pd 
such that u((5) is of the form: K 'S— Li A . . . A Lg. For j = 1, . . . , g, T^ is a proof tree 
for Li and Pd- 



Let > denote the usual greater-than relation on N. Let >igj. denote the lexico- 
graphic ordering over W x N. 

Let TTi and TT2 denote, respectively, the first and second projection function on 
pairs. Given a pair A = (a, b) by Ai we denote a and by A2 we denote b. 

Lemma 3 [Properties of ©) 

(i) ® is an associative, commutative binary operator, 
(ii) For every A,B, C & W x N and 7^ £ i — lex^ -^lex}^ ^^ have that: 
(ii.l) ^©5 >^g^ A 
iu.2)iiA>i^^B 

(ii.3) if A >i^^ B, Ai> Ci, and ^2 > 
(ii.4) \i AUB auA Ai> Ci 
(ii.5) \iAnB®C 



then A® C >i^^ B® C 
then A® C >ig^ B® C 
then ATI B® C 
then An B and An C 



Proof 

(i) It follows immediately from the definition. 

(ii.l) By cases. If Ai > Bi then A® B ^ A >^g^ A. If Ai = 5i then A® B 
{Ai,A2 + B2) >ig^ A. If Bi > Ai then A®B = B >^g^ ^. 

(ii.2) Let us consider the following two pairs: 

{a)=d^fA®C^ 

— (max(^i, Ci), if Ai = Ci then A2 + C2 else if Ai> Ci then A2 else C2) 
and 

iP)-defB®C = 
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= (niax(i?i, Ci), if Bi = Ci then B2+ C2 else if Bi > Ci then B2 else C2). 
We have to show that (a) >ig^ (/3). 

Since A >Iq^ B, there are two cases. Case (1): A ~ B, and Case (2): A >ig^ B. 
Case (2) consists of two subcases: Case (2.1): Ai > Bi, and Case (2.2): Ai = Bi 
and A2 > B2. 

In Case (1) we have that (a) = (/3). Thus, we get (a) >ip^ (/3) as desired. 
In Case (2.1) we consider two subcases: Case (2.1.1): Ai > Bi and Bi > Ci, and 
Case (2.1.2): Ai > Bi and Bi < Ci. 

In Case (2.1.1) we have that max(yli, d) > niax(Si, Ci) and thus, we get that 
(a) >/e^ (/3). 

In Case (2.1.2) {(3) reduces to (Ci, C2) and, since Ai > Bi > Ci, we get that 
(a) >i^^ (/3). 
In Case (2.2) since Ai = Bi, (/3) reduces to 

(max(yli, Ci), if Ai = Ci then B2 + C2 else if Ai > Ci then B2 else C2) 
and, since yl2 > i?2, we get that [a) >ig^ (/?). 

(ii.3) Let us consider again the two pairs: 

= (niax(yli, Ci), if A\ — C\ then A2 + C2 else if A\ > Ci then A2 else C2) 
and 

iP)-defB®C = 

— (niax(i?i, Ci), if Bi — Ci then B2+ C2 else if Bi > Ci then B2 else C2). 
We have to show (a) >;g2; (/?)• 

Since A >i^^ B there are two cases. Case (1): Ai > Bi and Ai > Ci and A2 > 0. 
Case (2): Ai = Bi and A2 > B2 and Ai > Ci and A2 > 0. 

For Case (1) we consider two subcases: Case (1.1) Ai — Ci and Case (1.2) Ai > Ci. 
In Case (1.1) we have that (a) reduces to (Ci, ^2 + C2) and 
(/3) reduces to (Ci, if Bi = Ci then B2 + C2 else if Bi > Ci then B2 else C2) 
and since Ai> Bi and yli = Ci, we get that (/3) further reduces to (Ci, C2) and, 
since A2 > 0, we get that (a) >Iq^ {f3). 

In Case (1.2) we have that (a) reduces to (^1, . . .) and (/3) reduces to 
(niax(Si, Ci), . . .), and since Ai > Bi and Ai > Ci wc get that (a) >ig^ {f3). 

For Case (2) we consider two subcases: Case (2.1) Ai ^ Bi = C\ and Case (2.2) 

Ai = Bi> Ci. 

In Case (2.1) we have that [a) reduces to (^1, A2 + C2) and (/3) reduces to (^1, S2 + 

C2), and since in Case (2) we have that A2 > B2, we get that (a) >igj. (/3). 

In Case (2.2) we have that (a) reduces to (^1, ^2) and (/3) reduces to (i?i, S2), and 

since Ai = Bi and in Case (2) we have that A2 > B2, we get that (a) >Iq^ (/3). 

(ii.4) We have that: 

5©C = (niax(5i, C\), if Bi ^ Ci then B2+C2 else if Bi > Ci then B2 else C2) 
We reason by cases. Case (1): we assume A — B and Ai > Ci and we show A >ig^ 
B (B C. Case (2): we assume A >Iq^ B and Ai > d and we show A >Iq^ B (B C. 

Case (1). Since A ^ B, from Ai > Ci we get that Bi > Ci and thus, B ® C = B. 
Thus, A>i^^ B ® C. 
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Case (2). There are two subcases: (2.1) Ai > Bi and Ai > Ci, and (2.2) (^i = Bi 

and A2 > B2) and Ai> Ci. 

Case (2.1). We have that: Ai > max(i?i, Ci) and thus, A >i^^ B (Q C. 

Case (2.2). Since Ai = Bi and Ai> Ci, we have that: B® C = (5i, ^2) =^g^ 5. 

Since ^1 = Bx and yl2 > S2 we get A >ig^ B, and thus, A >i^^ B (B C. 

(ii.5) We have that: 

B®C = (niax(5i, Ci), i/ Bi = Ci f/ien B2+C2 eZ.se if Bi > Ci f/ien S2 eZse C2) 
We reason by cases: Case (1) A ~ B ® C, and Case (2) A >Iq^ B (B C. In order 
to show Point (ii.5) in Case (1) we have to show A >i^^ B and A >igrj. C, and in 
Case (2) we have to show A >i^^ B and A >i^^ C . 

Case (1) Assume A^ B ® C. 

Case (1.1): Bi = Ci. Thus, Ai = Bi = C\ and ^12 = ^2 + C2. Thus, A >i^^ B and 

A >i^^ C. 

Case (1.2): Bi > Ci. Thus, Ai = Bi and ^2 = B2. Thus, yl >;g2; S and A >i^^ C. 

Case (1.3): Si < Ci. Like Case (1.2), by interchanging B and C. 

Case (2) Assume A >ig^ B (B C. 

Case (2.1): yli > max(Si, Ci). We get: ^ >i^^ B and yl >;g2; C- 

Case (2.2): ^1 = max(5i, Ci). 

Case (2.2.1): Bi = Ci. We have: Ai ^ Bi = Ci and, since yl >/ex B (B C, we have: 

^2 > -S2 + C2. Thus, we get A>i^^ B and ^ >^g2; C"- 

Case (2.2.2): Bi > Ci. Thus, Ai = max(5i, Ci) ^ Bi. Since yl >^g^ S © C and 

Ai = 7ri(B © C), we have: A2 > tt2{B ® C), that is, 

A2 > if Bi~ Ci then B2 + C2 else if Bi > Ci then B2 else C2, that is, 

A2 > B2. 
Thus, we get A >i^^ B and, since Bi > Ci, we also get A >i^^ C. 
Case (2.2.3): Si < Ci. Like Case (2.2.2), by interchanging B and C. D 

Notation 3 

By L we wih denote the negative hteral ^L, if L is a positive hteral, and the positive 

hteral A, if L is the negative hteral -^A. 

Lemma 4 

For ah atoms A Q Boj, hterals Li, . . . , L„j, which are either atoms in Bui or negation 

of atoms in Bu:, if for i — 1, . . . , m, <t{A) > a{Li) then fi{A) '>Iq^ m(-^i) ffi • • • © 

^{Lm)- 

Proof 

The proof is by induction on m by recahing that the © is associative and commuta- 
tive. We do the induction step. The base case can be proved similarly to Cases (1) 
and (2.1) below. 

We assume that ^Ji{A) >Iq^ A^(ii) © • • • © m(^j)j ^ot some j > 1, and we show 
that 11(A) >;g^ /u(Ii) © • • ■ © fi(Lj) © fJ.(Lj+i)- 

By definition, iJ,(A) = {a{A),0). Let /x(Zi) © ••• © fj,(Lj) = (/3, wi), for some 
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13 € W and wi £ N. Thus, the induction hypothesis can be stated as follows: 
{aiA),0)>i^^ (/3,k;i). 

We have the following two cases. 

Case (1). Assume that Lj+i is a positive literal, say B. Let fJ.{B) be (cr(-B), W2), 
for some W2 e W. Since cr{A) > a{Lj+i) > ct(-B), by Lemma [3] (h. 4) we get that 

m(^) >iex Ai(^i) ffi • • • ffi Ai(^j) © m(-B)- 

Case (2). Assume that L^+i is a negative literal, say -li?. Let ni^B) be {a{B), 0). 
By hypothesis, we have (T(yl) > a{Lj+i) = cr(i3). We have three subcases. 
Case (2.1). a{B) > /3. By induction hypothesis we have that {a'{A), 0) >;g2; {l3, wi). 
We also have that {/3,wi) © {(j{B),0) = (cr(S),0} and (cr(^),0} >i^^ (ct(S),0}. 
Thus, we get {<j{A),0) >i^^ (/3, wi) ® (ct{5),0). 

Case (2.2). <j{B) = /3. By induction hypothesis we have that ((t(j4), 0) >^g2; (/^j wi). 
We also have that (/3, wi) ® (cr(B),0} = (;5,wi). Thus, we get (cr(^),0) >;g2; 
(/3,zi;i)©(a(i?),0). 
Case (2.3). (t(B) < p. As Case (2.2). D 

Now we introduce the notion of a fi-consistent proof tree which will be used in 
Proposition [T] below. This notion is a generalization of the one of a rank-consistent 
proof tree introduced in (ITamaki and Sato 1984[) . 

Definition 10 {a-max Derived Clause) 

We say that a clause 7 in a program Pk of the sequence Pd, ■ ■ ■ , Pn is a a-max 
derived clause if 7 is a descendant of a clause /? in Pj, with d <j <k, such that 
/3 has been derived by unfolding a clause a in Pj-i w.r.t. an old a-maximal atom. 
(Recall that, by definition, a clause is a descendant of itself.) 

Definition 11 {fi- consistent Proof Tree) 

Let A be an atom in B^^ and Pk be a program in the transformation sequence 

Pd, . . . , Pn- We say that a proof tree T for A and -Pfc is ji-consistcnt if for all atoms 

i/, all literals Li, . . . , Lr which are the children of 77 in T, where H <r- Li A. . .ALr 

is a clause v{-y) for some valuation v and some clause j G Pk, we have that: 

if H has a new predicate and 7 is not cr-max derived 

then i^{H) >i^^ fi{Li) © • • • © iJ,{Lr) 

else n{H)>i^^n{Li)®---®n{Lr). 

The proof tree for the negated atom ^A and Pk, if any, is /i-consistent. (Recall 
that this proof tree, if it exists, consists of the single root node labeled by -1^.) 

Let us consider the following ordering on B^j which will be used in the proof of 
Proposition [TJ 

Definition 12 {Ordering y-) 

Given any two atoms Ai, A2 G B^^, we write Ai >- A2 if either 

(i) ^i{Ai) >i^^ ^(^2), or 

(ii) n{Ai) = fJ-{A2) and Ai is a new atom and A2 is an old atom. 
By abuse of notation, given any two atoms Ai, A2 £ B^j, we write Ai >- -'A2 if 
a(^i)>cr(^2) (that is, cr(^i) >cr(^2))- 

We have that :^ is a well-founded ordering on 5^ . 
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Lemma 5 

Let T be a /i-consistent proof tree for an atom A and a program P. Then, for every 

atom B and literal L which is a child of B in T, we have B >~ L. 

Proof 

Let Li, . . . , Lr be the children of B in T, for some ^ ^ P and valuation v such that 
v{'-^) is B <— Li A . . . ALr, and let L be the literal Li. If Li is the negated atom -^Ai 
then, since P is locally stratified w.r.t. a, we have <j{B) > (j{Ai) and B >~ Li. Let 
us now consider the case where Li is positive. 

If the predicate of B is old then, by ^-consistency of T, ^{B) >iQrj. fJ.{Li) ® • • ■ © 
/u(-Lr-)- By Lemma [3] (ii.l), /u(-^i) © • • • © iJ,{Lr) >igx A*(^i) ^-nd, thus, ^J,{B) >ig^ 
n{Li). By definition of )~, we have that B >- Li. 

If the predicate of B is new and 7 is cr-max derived then, by /i-consistency of T", 
/i(S) >;g2; /^(ij) and, thus, B >~ Li. 

Finally, if the predicate of B is new and 7 is not cr-max derived then 7 is a 
descendant of a clause that has not been derived by folding and, thus, the predicate 
of Li is old. By /i-consistency, ^{B) >ipj. IJ-{Li) and, since the predicate of B is new 
and the one of Li is old, we have B )~ Li. D 

Lem,m,a 6 

Consider the locally stratified w-program Pd of the admissible transformation se- 
quence Po, • ■ • , Pd, ■ ■ ■ , Pn, where: (1) Pq, . . . ,Pd is constructed by using rule (Rl), 
and (2) Pd,..., Pn is constructed by applying rules (R2)-(R7). If there exists a 
proof tree for A and Pd then there exists a /i-consistent proof tree for A and Pd . 

Proof 

Let us consider a proof tree T for A and Pd such that 

min-weight{A) — weight[a{A), T). We want to show that T is /i-consistent. That 

tree T can be depicted as in Figure IX2l That tree has been constructed by using at 

the top the clause 7 and a valuation v such that v{j) is of the form A -^ LiA. . .AL^- 

tree T : 




Figure A 2. A proof tree T for A and Pd such that min-weight{A) — 
weight{(7{A), T). There is a valuation v and a clause j ^ Pd such that v{-^) is 
of the form: A <— Li A . . . A Ln. For i = 1, . . . ,n, Ti is a /i-consistent proof tree for 
L, and Pd. 

By induction on size{T), we may assume that Ti, . . . , T!,j are /i-consistent proof 
trees. Since 7 is locally stratified, we also have that for i = 1, . . . , n, a{A) > a{Li). 
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(Recall that if Li, for some i G {1, . . . , n}, is a negated atom, then Ti consists of 
the single node Li and Ti is ^-consistent.) 

In order to prove the lemma we have to show the following two points: 
(PI) if ^ is a new atom then ^{A)>i^^fi{Li) © A ... A ©^(L„), and 
(P2) if A is an old atom then fi{A)>i^^ ^{Li) ® A ... A ®^{Ln). 

(Note that A ^ Li A . . . A L„ is not an instance of a cr-max derived clause 
belonging to Pd, because no such a clause exists in Pd and, thus, if Points (PI) and 
(P2) hold then the proof tree T is /i-consistent.) 

Now, let us consider the following two cases: (1) ^ is a new atom, and (2) A is 
an old atom. 

Case (1): ^ is a new atom. We have that: 
m(^) = (o-(^), min-weight{A)-l) = (cr(^), Ej=i,...,„ a a{L,)=aiA} mm-weight(Li)). 

Now, we consider two subcases. 
Case (1.1): for i = 1, . . . , n, a{A) >a{Li). In this case we have that: 

('^(^)>E^=i,...,„ A a(L,)=a(A) min-weight{L,)) = 

= (cr(^), 0) >i^^ ^i{Li) © ... © ^i{Ln). 
This last inequality holds because TTi{fi{Li) © ... © fi{Ln)) — 
= max{CT(Li) I z = 1, . . . , n} < cr{A), because for i = 1, . . . , n, a{A) > a-{Li). 
Case (1.2): there exists i G {1, . . . , n} such that a{A) — (T{Li). In this case we have 
that: 

(o-(^)> E»=i,...,„ A a{L,)=a{A) min-weight{Li)) == ^l{Ll) © ... © ^x{Ln), 
because n^Lp) © p.{Lq) — ^J.{Lp), whenever 7ri(/x(Lp)) > TTi{p{Lq)). This concludes 
the proof of Case (1) and of Point (PI). 

Case (2): A is an old atom. We have that: 

/i(j4) = {(t{A), min-weight{A)) — 

= {the proof tree T for A and Pd is such that 
min-weight{A) = weight{a{A), T)} = 

== {^{A), (E»=i,...,„ A a(L,)=a(A) min-weight{L,)) + 1). 
Let M be the subset of {1, ... , n} such that for all j G M, cr{Lj) ^(j{A). We have 
that: 

{<^{A), (E»=i,...,„ A a(U)=a(A) min-weight{L,)) + 1) = 

= (cr(^), (EjGM rnin-weight{Lj)) + 1) >i^^ A'(^i) © ... © ^l{Ln)■ 

This last inequality holds because Eigm iT^in-weight^Lj) = 7r2(/i(ii)©. . .(SiJ-{L„). 

This concludes the proof of Case (2), of Point (P2), and of the lemma. D 

Proposition 1 

Let P{) be a locally stratified w-program, cr be a local stratification for Po, and 
Poj • • • J -Pd, . . . , Fn be an admissible transformation sequence where: (1) Po, ■ ■ ■ , Pd 
is constructed by using rule (Rl), and (2) Pd, ■ ■ ■ , Pn is constructed by applying 
rules (R2)-(R7). Then, for every atom A e B^^, we have that, ior k — d,. . . ,n: 
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(Soundness) if there exists a proof tree for A and Pk , then there exists a proof tree 
for A and Pd, and 

(Completeness) if there exists a /i-consistent proof tree for A and Pd, then there 
exists a /i-consistent proof tree for A and Pk ■ 

Proof 

We prove the (Soundness) and (Completeness) properties by induction on k. 

Clearly they hold ior k = d. 

Now, let us assume, by induction, that: 



(IndHyp) the (Soundness) and (Completeness) properties hold for k, with d<k< 
n. 



We have to show that they hold for k + 1. 

In order to prove that the (Soundness) and (Completeness) properties hold for 
fc + 1, it is sufficient to prove that: 

(S) for every atom A G Buj, ii there exists a proof tree for A and Pk+i then there 

exists a proof tree for A and Pk , and 

(C) for every atom A G Buj, if there exists a /i-consistent proof tree for A and Pk 

then there exists a /i-consistent proof tree for A and Pk+i- 

We proceed by complete induction on the ordinal cr(A) associated with the atom A. 

The inductive hypotheses (IS) and (IC) for (S) and (C), respectively, are as follows: 



(IS) for every atom A' G B^j such that (j(A') < o-(A), if there exists a proof tree 
for A' and Pk+i then there exists a proof tree for A' and Pk, 



and 



(IC) for every atom A' G B^ such that (y(A') <a(A), if there exists a /i-consistent 
proof tree for A' and Pk then there exists a /i-consistent proof tree for A' and 

Pk + l- 



By the inductive hypotheses (IS) and (IC), we have that: 



(ISC) for every atom A' G Buj such that a-(A') <a(A) (and thus, A >~ A'), there 
exists a proof tree T' for A' and Pk iff there exists a proof tree U' for A' and 
Pk+i- 



Proof of (S). Given a proof tree U for A and Pk+i we have to prove that there 
exists a proof tree T for A and Pk- The proof is by complete induction on size( U). 
The inductive hypothesis is: 



(Isize) for every atom A' G B^j, for every proof tree U' for A' and Pk+i, if 
size(U') < size(U) then there exists a proof tree T' for A' and Pk- 



Let ?7 be a clause in Pk+i and w be a valuation. Let v(ri) be a clause of the form 
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A ■(^ Li A . . . A Lr used at the root of U. We proceed by considering the following 
cases: either (Case 1) rj belongs to Pk or (Case 2) 77 does not belong to Pk and 
it has been derived from a clause in Pk by applying a transformation rule among 
R2, R3, R4, R6, and R7. These two cases are mutually exclusive and exhaustive 
because rule R5 removes a clause. 

We have that, for i = 1, . . . , r, there is a proof tree Ti for Li and Pk- Indeed, 
(i) if Lj is an atom then, by induction on (Isizc), there exists a proof tree Tj for Li 
and Pk, and (ii) if Li is a negated atom -lA^ then, by the fact that program Pk+i 
is locally stratified w.r.t. a and by the inductive hypothesis (ISC), there is no proof 
tree for Ai and Pk and hence, by definition, there is a proof tree Ti for L^ and Pk- 

Case 1. A proof tree T for A and Pk can be constructed by using v{ri) and the 
proof trees Ti, . . . , TV for Li, . . . , Lr, respectively, and Pk- 

Case 2.1 {Pk+i is derived from Pk by using rule R2.) Clause 77 is derived by in- 
stantiating a variable X in a clause j ^ Pk- We have that 7 is a clause of the form 
A ■i^ Li A . - . A Lr and rj is of the form {A <~ Li A . - . A Lr){X /ls\X}} for some 
s e S. Thus, v{A{X/ls\Xj}) = A and, for i^l, . . . , r, v(l,{X /ls\Xj}) ^ L,. 

Let v' be the valuation such that v'{X) = v{ls\X}) and v'{Y) = v{Y) for every 
variable Y different from X . Then ^'(7) = v{ri) and a proof tree T for A and Pk 
can be constructed from Ti, . . . , T^ by using ^'(7) at the root of T. 

Case 2.2 {Pk+i is derived from Pk by using rule R3.) Clause 77 is derived by unfolding 
a clause "/ ^ Pk w.r.t. a positive literal, say K , in its body using clause ji- Recall that 
clauses 7 and 7^ are assumed to have no variables in common (see rule R3). Without 
loss of generality, we may assume that: (i) 77 is of the form (^ <— Li A . . . A Lr)i3i, 
(ii) 7 is of the form A <— K A i^+i A ... A Lr, with 0< q<r, and (iii) 7^ is of the 
form H <— Li A . - . A Lq, where "di is an (idempotcnt and without identity bindings) 
most general unifier of K and H - 

Let v' be the valuation such that:(i) v'{X) = v{X-di) for every variable X in the 
domain of 19^, and (ii) v'( Y) = v( Y) for every variable Y not in the domain of 1?^. 
For this choice of v' we have that v'{K) = {by definition of u'} = v{Kdi) = {since 
Kt}, = Hi},} = v{Hl}^) = {by definition of v'} = v'{H). 

For instance, given 7: p(X) ^ q{X, Y)As{X, Y, W) and7j: q{Z,a) ^ r{Z), hy 
unfolding 7 w.r.t. q{X, Y) using 7^, we get a most general unifier Si = {Z /X, Y /a} 
and the clause ry: p{X) ^ r{X)As{X, a, W). Thus, iiv{f])=p{b) 'h- r{b)As{b, a, c), 
we have v'{X) = b, v'{Wl=c, v'{Z) = b, and v'{Y) = a. 

Now, since v'{K)~v'{H), given the proof trees Ti, . . . , T^ for Li, . . . , L^, respec- 
tively, and Pk, we can construct a proof tree T for A and Pk as follows. Let K denote 
v'{K). (i) We first construct a proof tree Tk for K and Pk from Ti, . . . , T^ by using 
clause v'{'^i) at the root of Tk, and then, (ii) we construct T from Tk, Tg+i, . - . , Tr 
by using clause v^-y) at the root of T. 

Case 2.3 {Pk+i is derived from Pk by using rule R4.) Clause 77 is derived by unfolding 
a clause j <E Pk w.r.t. a negative literal, say -^K, in its body. Recall that we have 
assumed that ^(77) is of the form A <— Li A - . - A Lr- Without loss of generality, we 
may assume that: 
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(i) there exist m substitutions ■!?!,..., d^n and m clauses 71, ... , 7^ in Pk such that, 
for i = 1, . . . , 771, i?i is a most general unifier of K and hd{^i), K = hd{ji)'&i, and 
vili'&i) is of the form K 'i— B^, and 

(ii) ^(7) is of the form A <— -^K A L,n+i A ... A Lr, with < m < r, (note that, 
by Condition (1) of rule R4, 7 is not instantiated by the negative unfolding). Thus, 
v{ri) = A '^ Li A ... A Lr, is derived from A ^ -i(Si V ... V B,n) A L,n+i A ... Mr 
by pushing -1 inside and pushing V outside. 

Now, let us assume by absurdum that there exists a proof tree Uk for K and 
Pk+i- Then, there exists a valuation v' such that the children of the root of Uk are 
labeled by the literals Mi, . . . , M^, where v'{hd{'fi"di)) = Mi A ... A M^, for some «, 
with 1 < i < m. Since 7^ has no existential variables, without loss of generality 
we take v'{X) — v{X), for every variable X. By the definition of the negative 
unfolding rule, there exist j G {1, . . . , s} and h e {1, . . . , m} such that Mj ~ Lh. 
By hypothesis, there exists a proof tree for Lh and Pk and, thus, Uk is not a proof 
tree for K and Pk+i- This is a contradiction and, thus, we have that there is no 
proof tree for K and Pk+i- Since (j{K) < <t{A), by the inductive hypothesis (ISC), 
we have that there is no proof tree for K and Pk. Hence, there is a proof tree 
T^K ioT -iK and Pk. Thus, we can construct a proof tree T for A and Pk from 
T^K, Tm+i, . . . , Tr hy using clause ^(7) at the root of T. 

Case 2.4 {Pk+i is derived from Pk by using rule R6.) Let us assume that clause 
T] of the form A -(^ Li A L2 A ... A Lr is derived by positive folding from a clause 
7 e -Pfc of the form A ■ir- Ml A . . . A M^ A L2 A . . . A Lr using a clause 6 £ Defs^ 
of the form K •(— Mi A ... A Ms . Without loss of generality, we may assume that 
Li = K-d, where t? is a substitution such that, for i = l, . . . , s, Mi^ = Ml. Thus, the 
literal Li in the body of ^(77) is v{K{}). We have that S E Pd and the definition of 
the head predicate of S in Pd consists of clause 5 only. 

By induction on k, we have that the (Soundness) property holds for k. We know 
that there is a proof tree for Li and Pk . Hence, by Conditions (i) and (ii) of rule 
R6, there exists a proof tree for Li and Pd, for some valuation v' such that v'{S) is 
of the form Li ^ Mi A . . . A M^ (note that if X e vars{r]) then v'{X) = v{X)). 

By induction on k, we have that the (Soundness) and {Completeness) properties 
hold for k. Thus, there are proof trees Ui, . . . , Us for Mi, . . . ,Ms, respectively, and 

Pk. 

Finally, by induction on (Isize), we know that there exist the proof trees T2, . . . , Tr 
for L2, . . . , Lr, respectively, and Pk. As a consequence, we can construct a proof tree 
T for A and Pk from Ui, . . . , Us, T2, . . . , Tr by using clause v{"f) at the root of T. 

Case 2.5 (Pk+i is derived from Pk by using rule R7.) Clause 77 is derived by negative 
folding from a clause "/ G Pk using clauses Si, . . . ,Sm in Defsf.. Thus, we have that: 
(i) t;(7) is of the form ^ ^ A^i A . . . A Nm A L2 A . . . A Lr, (ii) for i — 1, . . . , m, 
v{6i) is of the form K 'i— Bi, where either Ni is a positive literal Ai and B^ is 
-lAi, or Ni is a negative literal -lAi and B^ is Ai, and (iii) v{ri) is of the form 
A^ ^K AL2A...ALr. Thus, Li = -.if. 

By the inductive hypothesis (ISC), there exists a proof tree for Li and Pk and, 
since Li — -^K, there is no proof tree for K and Pk- By induction on fc, we have that 



Transformations of Logic Programs on Infinite Lists 31 

the (Completeness) holds for k and, therefore, there exists no proof tree for K and 
Pd- We have that {^i, . . . ,(5,„} C P^ and the clauses definmg the head predicate 
of (5i, . . . , Sm in Pd are {Si, . . . ,6m.}- Thus, there are no proof trees for Bi, . . . , B^ 
and Pd- 

By induction on k, the (Soundness) property holds for k and, therefore, there 
are no proof trees for Bi, . . . , B,n and P^- Thus, there are proof trees Ui, - . - , Um 
for Ni, . . . , Nm, respectively, and Pk- Finally, by induction on (Isize), we have that 
there are the proof trees T2, - - - , TV for L2, - - - , Lr, respectively, and Pk - We can 
construct a proof tree T for A and Pk from Ui, . - ., Um, T2, - - - , Tr hy using clause 
v('y) at the root of T. 



Proof of (C). Given a /i-consistent proof tree T for A and Pk, we prove that there 
exists a /^-consistent proof tree U for A and Pk+i- 

The proof is by well-founded induction on ;^ C Bi^xBuj- The inductive hypothesis 
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Let 7 be a clause in Pk and u be a valuation such that v("f) is the clause of the 
form j4 <— Li A . . . A Lr used at the root of T. We consider the following cases: 
either (Case 1) 7 belongs to Pk+i or (Case 2) 7 does not belong to Pk+i because 
it has been replaced by zero or more clauses derived by applying a transformation 
rule among R2-R7. 

Case 1. By the /^-consistency of T and Lemma [5l for i = 1, . . . , r, we have A y Li. 
Hence, by the inductive hypotheses (Ifi) and (ISC), there exists a /^-consistent 
proof tree Ui for Li and Pk+i- A /i-consistent proof tree U for A and Pk+i is 
constructed by using 11(7) at the root of U and the proof trees Ui,.--, Ur for 
Li, . . . , Lr, respectively, and Pk+i- 

Case 2.1 (Pk+i is derived from Pk by using rule R2.) Suppose that by instantiating 
a variable X of clause j in Pk we derive clauses 71 , . . . , 7^ in Pk+i- For i — 1,. . . ,h, 
7i is 7{X/|si|X]}, with Si £ E. Hence, there exist i £ {1, . . . ,h} and a valuation v' 
such that ^(7) = w'(7i). By the /i-consistency of T and LemmaEl ioi i = 1, . . . , r, 
we have A >- Li. Hence, by the inductive hypotheses (I/i) and (ISC), for i — 1, . . . , r, 
there exists a /t-consistent proof tree Ui for Li and Pk+i- A proof tree U for A and 
Pk+i is constructed by using v'(-fi) at the root of U and the proof trees C/i, . . . , Ur 
for Li, . . . , Lr, respectively, and Pk+i- 

The proof tree U is /t-consistent because: (i) by (I/t), we have that Ui, . . . , Ur are 
/{-consistent, (ii) 7^ is cr-max derived iff 7 is cr-max derived, and (iii) since T is /i- 
consistent, we have that if 7 is not cr-max derived then ^(A) >igj. /i(Li)©. . .(B^j,(Lr) 
else n(A) >i^^ fi(Li) © ... © fi{Lr). 

Case 2.2 (Pk+i is derived from Pk by using rule R3.) Suppose that by unfolding 
7 w.r.t. an atom B in its body we derive clauses 7/1, . . . , 77^ in Pk+i. Without loss 
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of generality, we assume that B is the leftmost literal in the body of 7. Hence, 
there exists a clause 7^ in (a variant of) Pk such that: (i) v{'^i) is of the form 
Li ^ MiA.../\Mq, (ii) v{r]i) is A <~ MiA. . .AM, AL2A. . .AL^, and (iii) t;(7,) is the 
clause which is used for constructing the children of Li in T. By the /^-consistency 
of T and Lemma [S] for i = 1, . . . , g, we have A )^ Mi and, for i = 2, . . . , r, we 
have A >~ Li. Hence, by the inductive hypotheses (I/i) and (ISC), for z = 1, . . . , g, 
there exists a /i-consistent proof tree Vi for Mi and Pk+i and, for i — 2, . . . , r, 
there exists a /x-consistent proof tree Ui for Li and Pk+i- A proof tree U for 
A and Pk+i is constructed by using v(r]i) at the root of U and the proof trees 
Vi,..., Vq, U2,...,Ur for Ml, . . . , Mg,L2, .■.,Lr, respectively, and Pk+i- 

It remains to show that the proof tree U is /^-consistent. There are two cases: (a) 
and (b). 

Case (a): in this first case we assume that A is new and rji is not cr-max derived. 
Since T" is /i-consistent we get /i(^) >/g2; ^i{Li)(Bfi{L2)(B. . .(BfJ.{Lr) and/i(Li) >ig^ 
/t(Mi)®...®/i(M,). By Lemma[3](ii.2), we get /i(^) >i^^ /i(Mi) © . . . © /i(M,) © 
f^{L2)S)...®^l{Lr). 

Case (b): in this second case, we assume that A is old or rji is a-max derived. We 
have two subcases (b.l) and (b.2). 

Subcase (b.l): A is old. Since T is /t-consistent, we get that ^j,{A) >Iqj. /t(ii) A. . .A 
n{Lr) and /i(ii) >/g^ /t(Mi) A ... A /t(Mg). By Lemma [3] (ii. 2) we get /i(^) >i^^ 
/t(Mi)A...A/i(M,). 

Subcase (b.2): 77^ is cr-max derived. We may assume that A is new, because in 
Subcase (b.l) we have considered that A is old. Now we consider two subcases of 
this Subcase (b.2). 

Subcase (b.2.1): rji is cr-max derived, A is new, and 7 is cr-max derived, and 
Subcase (b.2. 2): rji is cr-max derived, A is new, and 7 is not cr-max derived. 
Subcase (b.2.1). Since T is /i-consistent we get IJ,{A) >iQr^ /i(Li)©/i(L2)®- • -(Bf^iLr) 
and/t(Li) >ig^ /i(Mi)©. . .©/^(M,). By Lemma|n](ii.2), we get /i(^) >i^^ /i(Mi)© 

... © /i(Mg) © fl{L2) © ... © fJ,{Lr). 

Subcase (b.2. 2). Since T is /i-consistent and Li is old, we get: (fl) /i(ii) >igx 
/t(Mi) © ... © ji{Mq), and (12) 7r2(/i(Li)) > 0. Since 77^ is cr-maximal derived, we 
havethat, for i = 2,...,r, cr(Li)>CT(Lj). Thus, (jS) cr(Li) > 7ri(/i(L2)©- • •ffi/*(ir))- 
From (tl), (12), and (jS), by LemmaO (ii.3), we get: (t4) /i(Li) © fi{L2) © ... © 
/t(Lr-) >/ea; KMi) © ... © fJ.{Mq) © /i(L2) © ... © f^iLr). Since T is /^-consistent, 
we have that n{A) >Iqj. /^(ii) © ... © fJ-{Lr), and by (t4) we get: iJ,{A) >Iqj. 
/i(Mi) © ... © n{Mq) © /i(L2) © ... © /f(ir), as desired. 

This concludes the proof that U is a /i-consistent proof tree. 

Case 2.3 {Pk+i is derived from Pk by using rule R4.) Suppose that we unfold 7 
w.r.t. a negated atom in its body and we derive clauses rji, . . . ,r]s in Pk+i- Without 
loss of generality, we assume that we unfold 7 w.r.t. the leftmost literal in its body. 
Let 71 , . . . , 7m be all clauses in (a variant of) Pk whose heads are unifiable with 
the leftmost literal in the body of 7. We may assume that, for i = 1, . . . , m, v{'~fi) 
is of the form Ai <— Bi, where Li = -^Ai and Bi is a conjunction of literals. Since 
there is no proof tree for Ai and Pfc, for z = 1, . . . , m, there exists a literal Ri in Bi 
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such that there is no proof tree for Ri and Pk ■ By definition, there is a proof tree 
for Ri and Pk- Moreover, (i) A >- ^A\ because by hypothesis the proof tree T is 
/i-consistent, and (ii) cr(-i^i) > a{Ri), because Pk is locally stratified w.r.t. a. 

Now we have two cases: (i) Ri is an atom, and (ii) Ri is a negated atom, say ^Ci. 
In Case (i) we have that (j{A) > cr(^i) > <j{Ri) and, thus, A >- Ri. In Case (ii) 
we have that (j{A) > <t{Ai) > a{-^Ci) and, thus, (j{A) > cr(Ci) = <j{Ri) and 
/i(^) > n{Ri). Hence, A >- Ri. Thus, in both cases A >- Ri. 

Since A >- Ri, by the inductive hypotheses (I/i) and (ISC), we have that, for 
i = 1, . . . , m, there exists a /i-consistent proof tree Vi for Ri and Pk+i. By the 
/i-consistency of T", for i — 2, . . . , r, there exists a /i-consistent proof tree Ui for Li 
and Pk+i- By the definition of rule R4, there exists a clause rjp among the clauses 
r]i, . . . ,ris derived from 7, such that v{r]p) is of the form A -s— i?i A . . . A Rm A 
L2 A . . . A Lr. (To see this, recall that by pushing ^ inside and V outside, from 
-((^1 A C2) V (Di A D2)) we get (Ci ADi) V (C1AD2) V (C2 ADi) V (C2AD2).) 

A proof tree U for A and Pk+i is constructed by using v{rip) at the root of U 
and the proof trees Vi, . . . , F™, 1/2, •■•, C^r for i?i, ... , Rm, L2, . ■ . , Lr, respectively, 
and Pk+i. 

In order to show that U is /i-consistent we need to consider two cases. In the 
first case, we assume that A is old or rj is cr-max derived. Thus, in this case, also 7 
is cr-max derived. By /i-consistency of T, we have ^i{A) >igj. fJ-iLi) © • • • © n{Lr). 
By local stratification of Pk and by Lemma HI fi{Li) >ig^ A*(-Ri) © ■ • • © fi{Rm). 
Therefore, by Lemma [3](ii.2), /i(^) >i^^ /i(^i) ©•• •©/i(^m) 0/^(^2) ® •• •®/i(ir) 
and U is /^-consistent. 

In the second case, A is new and rj is not a-max derived. As a consequence, also 7 
is not cr-max derived. By /i-consistency of T we have ^J-{A) ^Ipt~ fJ-iLi)®- ■ ■(B^{Lr). 
By local stratification of Pfc and by Lemma IH ^l{L^) >igj; /i(i?i)©- • -©//(-Rm) and, 
by Lemma[2](n.2), n{A) >i^^ ^i(Rl) ® ■ ■ ■ ® n(R,n) ® f^{L2) ® ■ ■ ■ ® n{Lr) . Therefore, 
U is /i-consistent. 

Case 2.4 (Pk+i is derived from Pk by using rule R5.) Suppose that the clause 7 is 
removed from Pk by subsumption. Hence, there exists a clause 71 in Pk — {7} and 
a valuation v' such that ^'(71) is of the form A -s— . The clause 71 belongs to Pk+i 
and, therefore, a proof tree U for A and Pk+i can be constructed by using ^'(71) 
at the root of U. The proof tree U consists of the root A with the single child true. 
Now we prove that the proof tree U is /^-consistent, that is, fi{A) >ipn~ fi{true). We 
have to prove that fi{A) >igj. (0,0). We have the following three cases: (a), (b.l), 
and (b.2). 

Case (a). A is an old atom. In this case we have that fi{A) >igj. (0,0), because, as 
stated in Remark[2l for any old atom 5, we have that min-weight{B)>0. 
Case (b). ^4 is a new atom. Since A is new, there is a valuation v' and a clause 6 
in Pd such that v'{S) is of the form A -i^ G, for some goal G. Now, let us consider 
the following two subcases. 

Case (b.l) G is of the form: GlABAGr and B is an old atom. By (1) the hypothesis 
that T is a /i-consistent proof tree for ^ in P^, (2) the {Soundness) property, and 
(3) Lemma HI we have that there exists a /z-consistent proof tree Td for A and Pd 
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where 5 is a child of A. By /i-consistency of Td, we have that n{A) >Iq^ I^{B)- 
Since /x(5) =^gf {cr{B), min-w eight {B)) and, since B is an old atom, by Reniark[2l 
we have that min-w eight {B) >0. Thus, we get that ^.{A) >ipj. (0, 0). 
Case (b.2) G is of the form: Gl A -^B A Gr and B is an old atom. Since 5 is 
locally stratified, (j{A)>a{B) and, thus, <j{A)>0. Hence, /x(j4) =^g^f {a{A),min- 
weightiA)^!) >i^^{0,0). 

This concludes the proof tree U is /i-consistent. 

Case 2.5 {Pk+i is derived from Pk by using rule R6.) Let us assume that clause rj 
of the form A ^ K-d A -Z/^+i A . . . A Lr is derived by positive folding from a clause 
7 G Pfc of the form ^ <— Li A . . . A L, A ig+i A ... A L^ using a clause (5 £ Defsf. of 
the form K <^ L[A. . . A L' and where "i? is a substitution such that, for i — l,...,q, 
L[i) = Li. We have that S £ Pd and the definition of the head predicate of 6 in Pd 
consists of clause S only. 

Thus, there is a valuation v such that v{A) = A and in the proof tree T for 
A and Pk the children of vl are the nodes Li, . . . , Lq, ig+i, . . . , Lr such that for 
« = 1, . . . , g, Li = w(iji) and for i = g + 1, . . . , r, Li — v{Li). By the induction 
hypothesis (IndHyp) there exist proof trees for v'{L[), . . . , v'{L' ) and Pk, for some 
valuation v' such that, for i = l, . . . , g, v'{L[d) — v{Li). Let if be v'(K-d). 

Since 5 £ Pd and M{Pd) |= (5, by Theorem [2] and Definition [TTl there is a fx- 
consistent proof tree for K and Pd- By induction hypothesis, the (Completeness) 
property holds for k and, thus, we have that there exists a /z-consistent proof tree for 
K and Pk- By the hypothesis that the transformation sequence Pq, - - . , Pd, - ■ - , Pn 
is admissible and by Condition (2) of Definition [5l either A is old or 7 is tr-max 
derived. Thus, by the /^-consistency of the proof tree T, we have that fi{A) >ignQ 

H{Li) © ■ • ■ © fJ.{Lg) © fi{Lq+i) © ■ • ■ © fi{Lr)- 

Since 5 is a clause in Defsj,, by Lemma[2]we have that ^j,{K) — /i(Li)©- • ■Q)ii{Lq) 
and, thus, 11(A) >i^^ fi{K) © /^(Lq+i) © • • • © /^(ir)- 

Moreover, by Lemma [3] (ii.5), fi{A) >igri; t^{K). Thus, A y K and, by the in- 
ductive hypothesis (I/x), there exists a /i-consistent proof tree Uk for iiT and Pk+i- 
By the /t-consistency of T and Lemma [5l for i = g + 1, . . . , r, we have A "^ Li- 
cence, by the inductive hypotheses (Ifi) and (ISC), for i= q + 1, - . - ,r, there exists 
a /i-consistent proof tree Ui for L^ and Pk+i- A proof tree [/ for A and Pfc+i is con- 
structed by using v' {-q) at the root of U and the proof trees Uk, Uq+i, . . . , LV for 
K, Lq+i, . . . , Lr, respectively, and Pk+i- The proof tree U is /t-consistent because, 
as we have shown above, /t(^) >Iqx A^(^) ® f^i^q+i) ® • • • ffi t^iLr)- 

Case 2.6 (-Pfc+i is derived from P^ by using rule R7.) Suppose that we fold 7 using 
clauses 61, - . - ,Sq, belonging to (a variant of) Defsk, and we derive a clause r/ in 
Pk+i- Without loss of generality, by the definition of rule R7 and the commutativity 
of A, we may assume that (i) v{-f) is of the form ^4 ^ Li A . . . A L^ A i^+i A ... A L^, 
(ii) for i = 1, . - . , q, v{6i) is of the form K <— Mi, where Mi — Ai, if Li = -^Ai, 
and Mi = -^Ai, if Li = Ai, and (iii) v{ri) is of the form A <— -^K A i^+i A ... A Lr- 
By the inductive hypothesis, the (Soundness) and (Completeness) properties hold 
for k and, therefore, for i = 1, . . . , g, there is no proof tree for Mi and Pd- Since 
M(Pd) \= K ^ MiW - . -y Mq, there is no proof tree for K and Pd- By the inductive 
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hypothesis, the {Soundness) property holds for k and, thus, we have that there is 
no proof tree for K and Pk ■ By the hypothesis that the transformation sequence 
Pq, . . . , Pd, ■ ■ ■ , Pn ^s, admissible and by Condition (3) of Definition[5l ^{A) > (j{K). 
Hence, by the inductive hypothesis (IS), there is no proof tree for K and -Pjt+i, 
that is, there is a proof tree U^k for -iK and Pk+i- By the /^-consistency of T and 
Lemma[5l for i = g+1, . . . , r, we have A >~ Li. Hence, by the inductive hypotheses 
(I/x) and (ISC), there exists a /i-consistent proof tree Ui for Li and Pk+i- A proof 
tree U for A and Pk+i is constructed by using v{ri) at the root of U and the proof 
trees U^k, Uq+i, . . . , Ur for -iK, L^+i, . . . , Lr, respectively, and Pk+i- 

In order to show that U is /i-consistent we need to consider two cases. 

In the first case, we assume that A is old or 7 is cr-max derived. Thus, in this case, 
also rj is cr-max derived. By /i-consistency of T, we have n{A) >/g2; m(-^i) S) • • • © 
IJL{Lq)®^{Lq+i)®- ■ -(BfiiLr). By Lemma[3] (11.5) , we have that fi{A) >igr^ //(L^+i)© 
• • • © fi{Lr). Since the transformation sequence Pq, . . . , P„ is admissible, clause 77 is 
locally stratified and, thus, cr{A) > (t{K). Hence, ■Ki{fi{A)) — {by definition of /i} — 
a{A) > a{K) = {by definition of /(} = 7ri(/j(-iir)). Therefore, by Lemma [3] (ii. 4), 
we have that: n{A) >/g2; f^i^K) (B /t(L,+i) ® ■ • • ® fi{Lr). Thus, U is /i-consistent. 

In the second case, A is new and 7 is not a-max derived. As a consequence, also 77 
is not (j-max derived. By /(-consistency of T we have n{A) >igj. fi{Li)(B- ■ -©/((L^)© 
/t(Lg+i) ® • • • © fJ,{Lr)- And, by Lemma[3] (ii.5), fi{A) >igj. fJ.{Lq+i) © • • • © ^i{Lr). 
Since 7ri(/i(yl)) > 7ri(/t(-i iiT)) (sec the first case), by Lemma [3] (ii. 4), we have that: 
t^{A) >Iqx f^i^K) (B fi{Lq-^i) (B ■ • • ©/i(ir)- Thus, U is /i-consistent. This completes 
the proof. D 

The correctness of admissible transformation sequences, that is. Theorem [T] of 
SectionlH follows immediately from Theorem[2]and Proposition[T]because: (i) Pd = 
Pq U Defsn, and (ii) a /t-consistent proof tree is a proof tree. 
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